Having APIs tightly coupled with OAuth creates overhead for simple server to server communication. There are use cases in IoT Server where it needs to communicate with APIM rest APIs(Store and Publisher). In the current flow we create oauth token using JWT grant type. Even though the problem can be solved with OAUTH but still it creates an additional hop. If there is a JWT Authenticator or a Mutual Authenticator in the APIM rest api this might have solved it in a single hop.
Therefore one solution that I can think of is to have a generic authenticator which authenticates based on the header. *Ayyoob Hamza* *Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture