For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Protecting API Access with BIG-IP using OAuth

As more organizations use APIs in their systems, they've become targets for the not-so-good-doers so API Security is something you need to take seriously. Most APIs today use the HTTP protocol so org...
Published Mar 21, 2017
Version 1.0
api
BIG-IP
BIG-IP Access Policy Manager (APM)
oauth
security
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
PSilva's avatar
Ret. Employee
Technical writer, evangelist, speaker, video host, story teller and overall clever guy. Bringing the slightly theatrical and fairly technical together, I train, write, speak, along with overall evangelism. Highly technical information security professional with social media skills who has also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.
View Profile
Cory_Blankenshi's avatar
Cory_Blankenshi
Icon for Altostratus rankAltostratus
Aug 22, 2018

Thanks for the write up. Question: how do you actually configure OAuth in APM to protect the API calls? The documentation does a great job of describing what OAuth is and what it can do on the F5. Translating that information into a solution to protect an API is what I was hoping for.

 

Also, that YouTube video is pretty much a waste of 4:34 minutes. It simply shows that OAuth works. It says nothing about how to do it. I mean, I know that OAuth works. I don't need to watch a Postman demo that proves it. :|