Securing the Pega API
To ensure the safety of Pega API credentials that are transferred through HTTP basic authentication, use TLS 1.2, a strong transport layer security, when installing your Pega application. You can also secure the Pega API by using OAuth 2.0.
This task describes how to secure the Pega API by using TLS
1.2. For information about securing the Pega API by using OAuth 2.0, see the
Pega Community
article
Accessing the Pega API by using OAuth 2.0.
- Deploy your Pega application by creating and installing TLS/SSL digital certificates on your web application server for the Pega application. For instructions, see the documentation for your server.
- Confirm that the Pega API is configured to use TLS/SSL, which is enabled by default. On the Edit Service Package dialog box for the API service package, ensure that Requires authentication, Use TLS/SSL (REST only), and Suppress Show-HTML are selected.
- Test the Pega API in Dev Studio and ensure that the URL starts with https://, the connection uses TLS 1.2, and users are prompted for their Pega credentials the first time the Pega API is used in a browser session.
Previous topic Pega API system management privileges Next topic Pega API best practices