API security

Neptune DXP supports the following API authentication protocols:

  • OAuth 2.0 is used to create authentication policies that can be assigned to onboarded external API services that use OAuth2 as their authentication mechanism. An access token must first be obtained from the external service and configured in a Neptune DXP API security policy. Once the policy is assigned to the external API onboarded in Neptune DXP, the API inherits the token, which is then used automatically to authenticate future requests.

  • Basic Authentication sends a verified username and password in the request header of every API request. Because these credentials are only encoded, not encrypted, care should be taken that inbound API traffic is encrypted by using the HTTPS protocol when basic authentication is in use. Neptune DXP supports both unencrypted (HTTP) and SSL-encrypted (HTTPS) runtime execution.

  • Bearer Token allows requests to authenticate using an access key, such as a JSON Web Token (JWT). The token is a text string included in the request header. Neptune DXP allows for the creation of an API security policy that can be reused and assigned to Neptune DXP REST API definitions; once the policy is assigned to the API, the header is inherited and expected to be provided by all external callers. The API designer must then provide the token to the caller, who inserts it as a header in their API calls, while Neptune DXP validates it automatically at runtime.

  • Principal Propagation is used for authenticating into backend systems that support authentication via X.509 certificates, such as SAP or Oracle EBS. Neptune DXP can generate an X.509 certificate containing a user element that represents the user's logon ID or email address. The certificate must then be imported into the target system to register it and to map the user element to an alias account name. In Neptune DXP, the target system's REST API must also be imported as an external API with the X.509 API authentication policy assigned to it. This enables Neptune DXP scripts to make API calls to the target system, generating a one-time X.509 certificate to authenticate each API request.