API Resources Configuration

Define and protect API resources.

Configuration Parameters

  • Name - The unique name of the API. This value is used for authentication with introspection and will be added to the audience of the outgoing access token.

  • Display Name - This value can be used e.g. on the consent screen.

  • Description - This value can be used e.g. on the consent screen.

  • Show In Discovery Document - Specifies whether this scope is shown in the discovery document. Defaults to true.

  • Enabled - Indicates if this resource is enabled and can be requested. Defaults to true.

  • Allowed Access Token Signing Algorithms - List of allowed signing algorithms for an access token. If empty, will use the server default signing algorithm.

  • User Claims - List of associated user claim types that should be included in the access token.

  • Scopes - An API must have at least one scope. Each scope can have different settings.

  • Secrets - The API secret is used for the introspection endpoint. The API can authenticate with introspection using the API name and secret.

    • Secret Type - A string that gives the secret validator a hint about what type of secret to expect (e.g. "SharedSecret" or "X509CertificateThumbprint").

    • Secret Value - The value of the secret. It is interpreted by the secret validator (e.g. a "password"-like shared secret or something else that identifies a credential).

    • Hash Type - The hashing algorithm type. Applies only to the SharedSecret type.

    • Expiration - The point in time at which this secret expires.

    • Description - The description of the secret, useful for attaching extra information to the secret.

  • Properties - Dictionary to hold any custom API resource-specific values as needed.

    • Key - Key

    • Value - Value
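
An added example (not from the original page or the product it describes): how an API might present its Name and Secret to an RFC 7662 introspection endpoint, then check that its own Name appears in the token's audience. The API name, secret, scope and response values are constructed, and the server is assumed to accept HTTP Basic credentials encoded per RFC 6749 section 2.3.1.

```python
import base64
import time
from urllib.parse import quote_plus, urlencode

# Constructed sample values (assumptions, not taken from the page).
API_NAME = "invoice-api"
API_SECRET = "s3cr:et/value"
SAMPLE_RESPONSE = {"active": True, "aud": ["invoice-api"],
                   "scope": "invoice.read", "exp": 2000}


def build_introspection_request(api_name, api_secret, token):
    """Return (headers, body) for an RFC 7662 introspection POST."""
    # Form-encode each part first so a ':' in the secret cannot be
    # mistaken for the name/secret separator (RFC 6749 section 2.3.1).
    creds = f"{quote_plus(api_name)}:{quote_plus(api_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"token": token})


def token_is_acceptable(response, api_name, required_scope, now=None):
    """Fail closed: accept only an active, unexpired token issued for this API."""
    now = time.time() if now is None else now
    if response.get("active") is not True:
        return False
    aud = response.get("aud") or []
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if api_name not in audiences:  # the API Name must be in the audience
        return False
    exp = response.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:  # missing exp is rejected
        return False
    scope = response.get("scope") or ""
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    return required_scope in scopes


if __name__ == "__main__":
    headers, body = build_introspection_request(API_NAME, API_SECRET, "abc.def.ghi")
    print(headers["Authorization"], body)
    print(token_is_acceptable(SAMPLE_RESPONSE, API_NAME, "invoice.read", now=1000))
```

Checking the audience matters when one introspection response could describe a token issued for a different API on the same server.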