Security Schemes for Consuming REST APIs in Gen™ CICS and Java applications

Kim Peelman
Published in Gen-dev
Jun 28, 2022

Two things can be true: Open & Secure

Gen customers are inspired by the opportunities REST APIs open up for their business. These REST services enable interactions with other systems, thereby amplifying the value existing in their Gen applications. But one must wonder, “If I’m opening up my applications, am I retaining the security of my data?” YES!

  • REST APIs enable developers to expose specific data points. You have control over what to make accessible and to whom.
  • REST APIs can be used via HTTPS with Transport Layer Security (TLS) encryption, keeping your connection secure and ensuring data is encrypted and unmodified.
  • REST APIs can also require authentication, using either a username/password or a token.

Authentication tokens for REST APIs can be defined by a variety of security schemes. I’m pleased to share that Gen has been enhanced to natively support the following security schemes when consuming (or calling out to) REST APIs in your CICS and Java applications:

  • BasicAuth: The Basic Authentication scheme passes encoded credentials (username and password) in the header of the HTTP message.
  • BearerAuth: The Bearer Authentication scheme passes a service-provided token in the header of the HTTP message.
  • ApiKeyAuth: API Key Authentication uses query, header or cookie parameters to send authentication information to the REST API.
  • OAuth2 — Client Credentials Flow: The OAuth2 Client Credentials flow connects to an authorization server to retrieve a token to authenticate with the target REST API.
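
As an added illustration (not code from Gen or from the original article), this Python example shows what each of the four schemes above places in an outgoing request, driven by constructed OpenAPI 3 `securitySchemes` entries. The scheme definitions, the `X-API-Key` header name, the token URL and all credentials are assumed sample values; the token request follows RFC 6749 section 4.4 with the client authenticating over HTTP Basic.

```python
import base64
from urllib.parse import urlencode

# Constructed OpenAPI 3 securitySchemes entries, named after the schemes listed above.
SCHEMES = {
    "BasicAuth": {"type": "http", "scheme": "basic"},
    "BearerAuth": {"type": "http", "scheme": "bearer"},
    "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "OAuth2": {"type": "oauth2", "flows": {"clientCredentials": {
        "tokenUrl": "https://auth.example.test/token", "scopes": {}}}},
}

def apply_scheme(scheme, creds):
    """Return the headers, query parameters and cookies one scheme adds to a call."""
    parts = {"headers": {}, "query": {}, "cookies": {}}
    kind = (scheme["type"], scheme.get("scheme"))
    if kind == ("http", "basic"):
        raw = f"{creds['username']}:{creds['password']}".encode()
        # Base64 is a reversible encoding, not encryption (see decode_basic).
        parts["headers"]["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    elif kind == ("http", "bearer") or scheme["type"] == "oauth2":
        # An OAuth2 access token is normally presented as a bearer token too.
        parts["headers"]["Authorization"] = "Bearer " + creds["token"]
    elif scheme["type"] == "apiKey":
        place = {"header": "headers", "query": "query", "cookie": "cookies"}[scheme["in"]]
        parts[place][scheme["name"]] = creds["api_key"]
    else:
        raise ValueError(f"unsupported security scheme: {scheme}")
    return parts

def token_request(scheme, client_id, client_secret, scope=""):
    """Build the client credentials token request: (url, headers, form body)."""
    token_url = scheme["flows"]["clientCredentials"]["tokenUrl"]
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS: it receives the client secret")
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    # RFC 6749 form-encodes id and secret before Base64; the sample values need none.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, urlencode(form)

def decode_basic(header):
    """Recover (username, password) from a Basic Authorization header value."""
    value = header.partition(" ")[2]
    return tuple(base64.b64decode(value).decode().split(":", 1))
```

Because `decode_basic` recovers the credentials from the header alone, the Basic and API key schemes rely entirely on HTTPS for confidentiality in transit.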

How do I secure my call out to REST APIs within my Gen CICS and Java applications?

What you’ll need:

  • Be current on your maintenance for Gen v8.6. (Solutions and Patches HERE)
  • Collect your security scheme specifications from your authentication provider.
  • We recommend using a tool like Postman to test your authentication credentials and REST call.

What to expect:

Each security scheme has its own set of assets for implementation, so review these Gen Tech Docs for details on your security scheme of choice.

When defining your Call REST statement in Gen, you will provide an OpenAPI specification which will include the authentication information. You will see authentication parameters listed on the Input REST API Parameter Matching screen which you will match to the view attributes of your choice (Figure 1). These Gen knowledge articles will walk you through the steps for configuring your REST call and security scheme:

Figure 1: Example of Import REST API Parameter Matching screen with OAuth2

Gen’s native support of security schemes further simplifies your ability to leverage REST APIs to amplify the value in your Gen CICS and Java applications. With REST services you can rest assured that your data is secure.

Join the Gen EDGE community to get automated notifications and always stay informed about REST capabilities in Gen.
