
Protection of HTTP-based APIs

Context

This guideline applies to all HTTP-based APIs that require access protection, for example REST APIs. The mechanisms described in this guideline do not suffice for use cases that require proof of possession: a bearer token can be used by whoever holds it, so these mechanisms rely entirely on the token being kept confidential.

Description

The Siemens Xcelerator IAM Guidelines MUST be followed. The parts of the IAM Guidelines that are directly relevant for APIs are summarized below.

APIs MUST adhere to OAuth 2.0 Bearer Token Usage as described in RFC 6750, including its requirement that every request carrying a token is sent over TLS (transport layer security, i.e., HTTPS). API clients MUST provide exactly one header

Authorization: Bearer <ACCESS_TOKEN>

where <ACCESS_TOKEN> is replaced with a valid access token issued by the IAM authorization server responsible for the API.

Examples

A client equipped with OAuth 2.0 client credentials has obtained an access token (shortened here)

eyJh...O2ttjH_XC8

from the IAM authorization server responsible for the API. The client then invokes the API by attaching the header

Authorization: Bearer eyJh...O2ttjH_XC8

to each of its requests, all of which are sent over HTTPS.
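As an added illustration that is not part of the original guideline, the following Python code shows the server-side counterpart to the client behaviour above: an API that enforces RFC 6750 bearer token usage, accepting a request only if it arrives over HTTPS and carries exactly one Authorization header with the Bearer scheme and a syntactically valid token, and answering anything else with the WWW-Authenticate challenge laid out in RFC 6750 section 3. The request model, the realm name "api", the token value and the KNOWN_TOKENS stand-in for real token validation (signature and claims checks against the IAM authorization server, or token introspection, neither of which this guideline covers) are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# RFC 6750 section 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")
# credentials = auth-scheme 1*SP b64token; the scheme name is case-insensitive (RFC 7235)
AUTH_HEADER = re.compile(r"^\s*(\S+)\s+(\S+)\s*$")


@dataclass
class Request:
    """Minimal model of an incoming HTTP request, constructed for this example."""
    scheme: str                      # "https" or "http"
    headers: List[Tuple[str, str]]   # a list, so duplicate header names stay visible
    query: Dict[str, str]            # parsed query-string parameters


@dataclass
class Decision:
    status: int
    www_authenticate: Optional[str] = None   # challenge to send with a 400 or 401
    token: Optional[str] = None              # the accepted bearer token, if any


def _challenge(status: int, error: Optional[str] = None, description: Optional[str] = None) -> Decision:
    """Build a 'WWW-Authenticate: Bearer ...' challenge as described in RFC 6750 section 3."""
    params = ['realm="api"']   # realm name is an assumption of this example
    if error:
        params.append(f'error="{error}"')
    if description:
        params.append(f'error_description="{description}"')
    return Decision(status, "Bearer " + ", ".join(params))


def authorize(req: Request, is_valid_token: Callable[[str], bool]) -> Decision:
    """Enforce the guideline: TLS only, exactly one 'Authorization: Bearer <token>' header,
    a syntactically valid token, and finally the real validity check supplied by the caller."""
    # Bearer tokens are only ever accepted over TLS. On plaintext do not even look at the
    # credentials, and send no challenge that would invite the client to retry in the clear.
    if req.scheme.lower() != "https":
        return Decision(400)

    # The guideline names the header as the way to present the token, so a token in the
    # query string is rejected (RFC 6750 section 2.3 tolerates it, but it leaks into logs).
    if "access_token" in req.query:
        return _challenge(400, "invalid_request", "token must be sent in the Authorization header")

    auth_values = [v for name, v in req.headers if name.lower() == "authorization"]
    if not auth_values:
        # No credentials at all: 401 with a bare challenge, no error code (RFC 6750 section 3.1).
        return _challenge(401)
    if len(auth_values) > 1:
        return _challenge(400, "invalid_request", "exactly one Authorization header expected")

    match = AUTH_HEADER.match(auth_values[0])
    if not match:
        return _challenge(400, "invalid_request", "malformed Authorization header")
    scheme, token = match.groups()
    if scheme.lower() != "bearer":
        # An unsupported scheme counts as "no usable credentials": bare challenge, no error code.
        return _challenge(401)
    if not B64TOKEN.match(token):
        return _challenge(400, "invalid_request", "token is not a valid b64token")
    if not is_valid_token(token):
        return _challenge(401, "invalid_token", "token expired, revoked or not issued for this API")
    return Decision(200, token=token)


# Stand-in for real validation against the IAM authorization server. The token value is
# constructed; a real API verifies signature, issuer, audience and expiry instead.
KNOWN_TOKENS = {"constructed-access-token-0123"}


def demo_validator(token: str) -> bool:
    return token in KNOWN_TOKENS


def check(scheme: str, headers: List[Tuple[str, str]], query: Optional[Dict[str, str]] = None) -> Decision:
    """Convenience wrapper: build a Request and run it through authorize() with the demo validator."""
    return authorize(Request(scheme, headers, query or {}), demo_validator)


if __name__ == "__main__":
    cases = {
        "good":        check("https", [("Authorization", "Bearer constructed-access-token-0123")]),
        "no header":   check("https", []),
        "two headers": check("https", [("Authorization", "Bearer a"), ("Authorization", "Bearer b")]),
        "basic auth":  check("https", [("Authorization", "Basic dXNlcjpwYXNz")]),
        "in query":    check("https", [], {"access_token": "constructed-access-token-0123"}),
        "unknown":     check("https", [("Authorization", "Bearer constructed-but-unknown")]),
        "plain http":  check("http", [("Authorization", "Bearer constructed-access-token-0123")]),
    }
    for name, decision in cases.items():
        print(f"{name:12s} -> {decision.status} {decision.www_authenticate or ''}")
```

The distinction between a bare challenge (no credentials, or a scheme other than Bearer) and one carrying invalid_request or invalid_token follows RFC 6750 section 3.1; keeping it lets a well-behaved client tell "I forgot to authenticate" apart from "my token is broken" without the API revealing anything about why a specific token was rejected.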