Hi All,
How we are going to make REST Connections secure and what are the rules we need to implement to make secure connections…?
Connect-Rest
You can maintain the Trust store in the connect-rest rule. Generally, in connect rest, we are connecting the external system and get the required information. The external system would send the certificate along with the response. The certificate that the external system has sent needs to be validate with the certificates which are there in the trust store rule. Once the certificate is trusted then only pega extracts the response.
Service-Rest
You can verify the request from the external system with the authentication mechanism maintained at the service package level. In the service package, the support authentications are basic, Custom, and Oauth. You can maintain these authentications to secure the service rests.
@Kamalapuri , If Rest API is created within Pega, Service Rest will be created within the Service Package rule. All the Authorization Methods for the Service will be on Service Package
Select the Appropriate Authentication Type on Service Package
On Selecting Basic Authentication – Option to enable Require TLS/SSL will be present. Details as per help document-
Select the Require TLS/SSL for REST services in this package check box if you want to use TLS/SSL for service REST rules that belong to this service package.
When you select this check box, all invocations of REST services belonging to this service package must use TLS/SSL, which uses the HTTPS protocol. If REST services are invoked by using HTTP, a code 403 status is returned with a warning.
For Custom – Create Appropriate Authentication Type Requested by Business.
