International Business Machines Corporation
Authenticating API service invocations

Abstract:

A computer-implemented method and system for authenticating API is provided. An API invocation request associated with a user is received. An API operation and the shareable API key includes validating API key credentials of the shareable API key associated with the API invocation request. There is an additional validation of user credentials of the user associated with the API invocation request. It is determined whether the user having the validated user credentials is authorized to use the shareable API key to invoke the API operation. The API operation is executed in response to determining the user having validated user credentials is authorized to use the shareable API key to invoke the API operation. The authentication integrates validation of the user and the shareable API key, and determines whether a user is a subscriber of a multi-tenant subscription service.