Skip to content

Shared Resources

Onboarding of APIs occurs at multiple backend environments: testing, development and production. These environments are primarily on the HTTP application-layer protocol due to its simplicity and historical use. However, it’s prone to eavesdropping, data tampering, and man-in-the-middle attacks. As APIs often deal with sensitive data, such as user credentials, personal information, and financial data, it’s critical to consider safety.

Therefore, to ensure security, the best practice for onboarding APIs is to enforce TLS (Transport Layer Security.) TLS protects the information your API sends by enforcing HTTPS on the backend URLs, which ensures the confidentiality and integrity of the data, making it much more secure. HTTPS encrypts the data exchanged or communication between your API and its clients, ensuring that it cannot be intercepted or tampered with by malicious entities. These attacks are more likely to succeed when using plain HTTP.

API Shared Resources

In order to let users know that your API is legitimate and protected, TLS requires a certificate issued by a certificate authority. Using the Shared Resources functionality, you can create and enforce these certificates to your APIs while onboarding them or before publishing/making them available for the consumer.

You can access the Shared Resources functionality through Manage APIs in the API Manager.

Shared Resources Functionality

Here, you get a list of all the created custom SSL certificates (shared resources) that can be shared among APIs present in the organization. You can also create new resources using the Add Shared Resources button. In addition, you get the options to search, edit and delete the resources.

To utilize the Shared Resources functionality, follow the instructions available in the following articles.