Securing the REST API

CSM supports the OAuth2 protocol to authenticate and authorize calls to the REST API. The OAuth2 protocol enables third-party clients to obtain access to HTTP services. In basic OAuth2 message flow, the client interacts with a resource server and an authorization server. The client requests tokens from the authorization server on behalf of the user. The authorization server authenticates the User and returns tokens to the client. The client then sends the tokens to the resource server, which hosts the protected resource, and the User is able to access the resource as long as the tokens remain valid. In our environment, CSM acts as both the resource server and the authorization server.

You may optionally configure your system to support the SAML authentication protocol for the REST API. When SAML authentication is configured, CSM no longer acts as the authorization server in the OAuth2 message flow. Instead, your SAML identity provider acts as the authorization server. The identity provider receives token requests from the client, authenticates Users, and returns tokens to authorize access to the Cherwell REST API.