Introduction to the Secure Module
Introduction
The PortX Integration Manager Secure Module, which is the PortX Identity Access Management (PIAM) system, is where the security of the APIs is defined: who accesses the APIs and how, and which clients or service principals are allowed to connect to them. The APIs themselves are created and maintained in the API Catalog in the Discover Module.
In the Secure Module, the Secure Module—Manage API Roles page lists the APIs. The APIs listed on the Secure Module—Manage Service Principals page are a smaller subset of those listed on the Secure Module—Manage API Roles page.
Purpose
This document provides information and step-by-step walkthroughs for the following topics:
- Log in and Access the PortX Integration Manager Secure Module, the PortX Identity Access Management System (PIAM)
- Log in Directly to the Secure Module
- Log in to the PortX Platform, Navigate to PortX Integration Manager, then to the Secure Module
- Manage Users
- Manage API Roles
- Manage Service Principals
- Create then use a Secret Client
- Create then use the FAPI credentials
- Assign API Roles
- Delete a Secret Client or set of FAPI credentials
- Set Ingress Configuration
Initialisms and Definitions
| Initialism | Definition |
|---|---|
| API | Application Programming Interface |
| AWS | Amazon Web Services |
| CRT | Certificate File. Typically has a .crt extension and is used in secure communications. The certificate file contains a public key and is part of a public key infrastructure (PKI). CRT files are essential for establishing secure connections, such as those required for authentication in APIs, where they are used together with private key files to validate identities and encrypt data. |
| FAPI | Financial-Grade API. FAPI is a set of specifications that enhances security for financial applications using OAuth 2.0 and OpenID Connect (OIDC). FAPI allows for the generation of secure credentials, enabling sub-credentials per transaction based on asymmetric cryptography. FAPI credentials are designed to meet stringent security requirements, making them suitable for enterprise customers who need robust API authentication and authorization solutions. |
| IAM | Identity Access Management. An IAM system lets authorized administrators give the right team members the right level of access to an organization's data and resources, including customer information. |
| JWT | JSON Web Token, an open standard for securely sharing JSON data between parties. The data is encoded and digitally signed, which lets the receiver verify its authenticity. JWT is widely used in API authentication and authorization workflows, as well as for data transfer between clients and servers. |
| mTLS | Mutual TLS. An industry standard built on the TLS encryption protocol in which both the client and the server authenticate each other by verifying that each holds a valid certificate issued by a trusted certificate authority (CA) before they communicate. mTLS protects against unauthorized access to the network and prevents intruders from sniffing network calls or impersonating services. |
| OIDC | OpenID Connect, an authentication protocol built on top of OAuth 2.0. OIDC is used to verify user identity and obtain basic profile information, which in turn enables single sign-on (SSO) across applications. |
| PIAM | PortX Identity Access Management. PIAM is accessed through the PortX Platform, then PortX Integration Manager, then the Secure Module. |
| PKI | Public Key Infrastructure |
| SSO | Single Sign-On |
| TLS | Transport Layer Security. A protocol that protects communications over networks, including the Internet. TLS is used to secure email, instant messaging, voice over IP (VoIP), and Hypertext Transfer Protocol Secure (HTTPS). TLS is the updated, more secure successor to the older SSL. |
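The JWT entry above says the token's data is encoded and signed so that its authenticity can be checked. The following added example, written for this page and not part of PortX, PIAM or any project code, shows what that check looks like in practice: it builds a compact JWT, verifies it, and demonstrates that a token whose claims were altered after signing, or whose expiry has passed, is rejected. It uses HS256 (HMAC) so that it runs with the Python standard library alone; the FAPI profiles described above rely on asymmetric signatures instead, but the structure of the verification (pin the algorithm, check the signature over header and payload, then check the claims) is the same. The secret, claim values and clock are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret (not a real PortX/PIAM key). A real HS256 key
# must be a high-entropy random value of at least 32 bytes.
DEMO_SECRET = b"constructed-demo-secret-do-not-use-in-production"


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without trailing padding (RFC 7515, section 2)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding so the standard decoder accepts the input
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Produce a compact HS256 JWT: header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is authentic and unexpired, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        presented = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None

    # Pin the algorithm the verifier expects rather than trusting the header
    if header.get("alg") != "HS256":
        return None

    # The signature covers the encoded header and payload exactly as received
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):  # constant-time comparison
        return None

    # A valid signature over stale claims is still a reject: enforce "exp"
    current = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, int) or current >= exp:
        return None
    return claims


def tamper_demo(secret: bytes = DEMO_SECRET) -> dict:
    """Constructed scenario: a client token whose role claim is changed in transit."""
    issued = 1_700_000_000  # fixed clock so the demo is deterministic
    token = sign_jwt({"sub": "client-app-1", "role": "reader", "exp": issued + 300}, secret)

    # Replace the payload with one claiming a different role, keeping the original signature
    header_b64, _, sig_b64 = token.split(".")
    forged_payload = _b64url_encode(
        json.dumps({"sub": "client-app-1", "role": "admin", "exp": issued + 300},
                   separators=(",", ":")).encode()
    )
    forged = header_b64 + "." + forged_payload + "." + sig_b64

    return {
        "genuine": verify_jwt(token, secret, now=issued),        # the claims dict
        "forged": verify_jwt(forged, secret, now=issued),        # None: signature mismatch
        "expired": verify_jwt(token, secret, now=issued + 301),  # None: past "exp"
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {'accepted ' + str(result) if result else 'rejected'}")
```

The two checks a receiving API must never skip are the signature comparison and the claim validation; decoding alone proves nothing, because the payload is only base64url-encoded, not encrypted.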