A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application.
The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller.
Which method can the developer use in this scenario? (Choose the best answer.)
The correct answer in this scenario is B. Create an authorizer function using token-based authorization.
The API Gateway in Oracle Cloud Infrastructure allows developers to create, deploy and manage APIs that act as a front door for applications to access backend services such as compute instances, databases, or storage buckets. To ensure the security of these APIs, authentication and authorization mechanisms are typically implemented.
In this scenario, the developer needs to implement a custom authentication scheme that accepts string parameters from the API caller. Token-based authorization is a common approach to implement authentication in APIs, where a token or key is issued to a user, which is then included in API requests to authenticate and authorize access to protected resources.
To implement token-based authorization in the OCI API Gateway, the developer can create an authorizer function, which is a piece of code that evaluates the token in the API request and returns an authorization decision. The authorizer function can be implemented using Oracle Functions, which is a serverless compute service that allows developers to run code in response to events, including API Gateway requests.
The authorizer function can accept string parameters from the API caller, which can be used to authenticate the user and generate a token or key for subsequent requests. The function can then return an authorization decision based on the token or key, such as allowing or denying access to a specific resource.
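The token evaluation described above, sketched as an added example (not code from this page or from Oracle). It assumes the gateway passes the function a JSON body of the form `{"type": "TOKEN", "token": "..."}` and expects `active`, `principal`, `scope`, `expiresAt` and `wwwAuthenticate` fields in the reply. The HMAC token format, `DEMO_KEY`, `make_token` and `authorize` are constructed for illustration, and the Functions handler wrapper is omitted.

```python
import base64, hashlib, hmac, json, time
from datetime import datetime, timezone

DEMO_KEY = b"constructed-demo-key"  # constructed; load from a secret store in practice
DENY = {"active": False, "wwwAuthenticate": 'Bearer realm="example.com"'}

def _b64d(text):
    # base64url decode, restoring stripped padding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=DEMO_KEY):
    """Build a constructed sample token: b64url(claims) + "." + b64url(HMAC-SHA256)."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return (body + b"." + base64.urlsafe_b64encode(mac).rstrip(b"=")).decode()

def authorize(event, key=DEMO_KEY, now=None):
    """Evaluate the token the gateway passes in and return an allow/deny decision."""
    now = time.time() if now is None else now
    if not isinstance(event, dict) or event.get("type") != "TOKEN":
        return dict(DENY)
    token = str(event.get("token", ""))
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    body, sep, sig = token.partition(".")
    if not sep:
        return dict(DENY)
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    try:
        # Verify the MAC in constant time before parsing any claims.
        if not hmac.compare_digest(_b64d(sig), expected):
            return dict(DENY)
        claims = json.loads(_b64d(body))
        exp = float(claims["exp"])
        if exp <= now:
            return dict(DENY)  # expired tokens are rejected
        return {
            "active": True,
            "principal": str(claims["sub"]),
            "scope": [str(s) for s in claims.get("scope", [])],
            "expiresAt": datetime.fromtimestamp(exp, timezone.utc).isoformat(),
        }
    except (ValueError, KeyError, TypeError, OverflowError, OSError):
        return dict(DENY)  # malformed input fails closed
```

Every failure path returns the same deny response, so a caller cannot tell a bad signature from an expired or malformed token.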
The other answer choices are not the best fit for this scenario:
A. Create an authorizer function using request header authorization: Request header authorization is a standard approach to authenticate API requests using headers such as "Authorization" or "ApiKey". However, it does not fit the requirement of accepting string parameters from the API caller.
C. Create a cross account functions authorizer: A cross-account functions authorizer is a mechanism to authorize requests across multiple OCI accounts. It does not fit the requirement of accepting string parameters from the API caller.
D. Create an authorizer function using OCI Identity and Access Management (IAM) based authentication: OCI IAM is a centralized service that manages access to OCI resources. However, it does not fit the requirement of implementing a custom authentication scheme that accepts string parameters from the API caller.