In IBM API Connect, setting the credential extraction method to Form in the client security policy means that the client credentials (such as the client ID and secret) must be supplied in a POST request. Specifically, the credentials are carried in the body of the request as URL-encoded form data. This is typical of OAuth 2.0 workflows in which client credentials are extracted from a form-based submission, often during login or token exchanges.
The client ID and secret are provided as form fields in the request body, rather than being passed in the URL or headers.
This method follows the secure practice of sending sensitive credentials via POST so that they are not exposed in the URL.
Therefore, the correct statement is that client ID and secret must be supplied via a POST request when using the Form credential extraction method.
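The following sketch of form-style credential extraction is an added example, not IBM's code or the gateway's actual implementation. The field names `client_id` and `client_secret` are assumed from RFC 6749 section 2.3.1, the endpoint URL is hypothetical, and rejecting credentials that also appear in the URL is a strictness choice made for this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

FORM_TYPE = "application/x-www-form-urlencoded"
# Field names follow RFC 6749 section 2.3.1; assumed here, not taken from the page.
ID_FIELD, SECRET_FIELD = "client_id", "client_secret"


class CredentialError(ValueError):
    """Raised when the request does not carry credentials in form style."""


def extract_form_credentials(method, url, content_type, body):
    """Return (client_id, client_secret) from a URL-encoded POST body."""
    if method.upper() != "POST":
        raise CredentialError("form extraction requires POST")
    # Ignore parameters such as "; charset=utf-8" after the media type.
    if content_type.split(";", 1)[0].strip().lower() != FORM_TYPE:
        raise CredentialError("body is not URL-encoded form data")
    # Credentials in the query string end up in logs and browser history.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if ID_FIELD in query or SECRET_FIELD in query:
        raise CredentialError("credentials must not appear in the URL")
    form = parse_qs(body, keep_blank_values=True)
    values = []
    for field in (ID_FIELD, SECRET_FIELD):
        found = form.get(field, [])
        # Exactly one non-empty value per field; duplicates are ambiguous.
        if len(found) != 1 or not found[0]:
            raise CredentialError(f"expected exactly one {field}")
        values.append(found[0])
    return tuple(values)


def build_token_request(client_id, client_secret):
    """Build a constructed sample request (hypothetical endpoint)."""
    body = urlencode({
        "grant_type": "client_credentials",
        ID_FIELD: client_id,
        SECRET_FIELD: client_secret,
    })
    return "POST", "https://api.example.test/oauth2/token", FORM_TYPE, body
```

`urlencode` percent-encodes characters such as `&`, `=` and `+` in the secret, so a secret containing them survives the round trip through the form body unchanged.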