CA API Gateway OAuth Toolkit

Add OAuth-based access control to enterprise APIs.

OAuth is quickly emerging as the key standard for access control across the Web, cloud services and mobile apps. But applying OAuth can be a complex process, with a steep learning curve for enterprise architects and application developers alike. The CA OAuth Toolkit is a pre-integrated component of all API gateways from CA Technologies, which makes it simple to add OAuth-based access control to enterprise resources exposed via APIs for reuse in Web and mobile apps.

The CA OAuth Toolkit is a complete OAuth implementation including an authorization server supporting various types of handshake with API-consuming applications, a resource server that protects access to APIs at runtime and a token management system, which can be deployed in a distributed architecture. The authorization server and resource server can integrate with most leading identity and access management (IAM) products.

The OAuth Toolkit supports the OAuth 1.0, 1.0a and 2.0 standards as well as JWT (JSON Web Token) bearer tokens and a range of extension grant types. Optional HMAC or RSA signatures are supported for maximum interoperability. CA Mobile API Gateway also provides an OpenID Connect implementation built on top of the OAuth Toolkit, which can be used to extend an existing identity directory into a state-of-the-art federated identity provider.

CA OAuth

Key Features

  • Support for both two- and three-legged OAuth implementations
  • HMAC and RSA signature methods plus SHA-1, SHA-256 and SHA-512 encryption
  • Flexible deployment and easy upgrading to the latest OAuth version
  • Integrated SAML Security Token Service (STS) for managing cross-domain security

Key Benefits

  • Abstract complex OAuth procedures in order to simplify the addition of standards-compliant access management functionality to API-based client applications.
  • Implement browser-based single sign-on (SSO) functionality for federating on-premises identities to web-based applications and cloud services.
  • Add strong but user-friendly login security to mobile apps that access backend enterprise resources.

Resources

Data Sheets
CA API Gateway OAuth Toolkit
eBooks
5 OAuth Essentials for API Access Control

More resources >