REST Service Security

RESTful web services APIs can be secured; that is, so a URL can be consumed only by those providing authentication. For details, see the following subsections.

• REST Security Classes and Entities

• Associating Required JSON Web Token Claims with REST API Methods

JADE provides the ability to restrict JADE REST APIs so that only clients with a valid bearer token can consume the API. In addition, an API developer can customize the rules on what constitute a valid token to meet your requirements.

REST service security allows for the validation of token signatures, including Asymmetrical tokens (for example, RS256) signed from third‑party Auth providers. It also allows for the generation of Symmetrical tokens (for example, HS256) and the association of required claims such as access level or token expiry against specific REST service methods.

The supported token is JSON Web Token (JWT) – an open standard tracked by RFC 7519. The JWT standard defines a compact and self‑contained way for securely transmitting information between parties represented as a JSON object.

2020.0.01 and higher