To protect Pega API credentials that are transferred through HTTP basic authentication, use Transport Layer Security (TLS) 1.2 when installing your Pega application. Basic authentication only Base64-encodes the user name and password, so without TLS they can be read in transit. You can also secure the Pega API by using OAuth 2.0.
- Deploy your Pega application by creating and installing TLS/SSL digital certificates on your web application server for the Pega application. For instructions, see the documentation for your server.
- Confirm that the Pega API is configured to use TLS/SSL, which is enabled by default. On the Edit Service Package dialog box for the API service package, ensure that Requires authentication, Use TLS/SSL (REST only), and Suppress Show-HTML are selected.
- Test the Pega API in Dev Studio and ensure that the URL starts with https://, the connection uses TLS 1.2, and users are prompted for their Pega credentials the first time the Pega API is used in a browser session.