Last Modified: Mar 11, 2020
Opened: Mar 03, 2020
APM has several types of access policies for different deployment types, such as general per-request policies, OAuth policies, full webtop portal policies, and so on. One type of policy is designed for API clients, called API Protection. API Protection requests are generally authenticated by user information present in an HTTP authorization header. APM then uses this authorization header data to authenticate users against an AAA server. In addition to authentication, some deployments of API Protection also require authorization decisions to be performed against out-of-band data from external servers, typically group membership data from an external HTTP or LDAP server.
Administrators are not able to use HTTP Connector or LDAP Query in API Protection policies.
Administrators attempt to use HTTP Connector or LDAP Query in an API Protection type access policy.