Configuring API security

You must define access to API resources to control what can be accessed by users when calling an API.

When calling an API, you must pass through the following two levels of security:

Note: If you're running Sterling Selling and Fulfillment Foundation components as Web services with API security enabled, you must expose the Login API as a Web service. Additionally, you must call the Login API, capture the security token that is generated at login, and then set the token as the "tokenId" in YFSEnvironment. For details about the YFSEnvironment interface, see the Sterling Selling and Fulfillment Foundation Javadocs.