You must define access to API resources to control what
users can access when they call an API.
When calling an API, you must pass through the following
two levels of security:
- Authentication with a user ID, a certificate or both. The Login
API is called before any other API is called.
- Authorization, which verifies which resources you can access.
Note: If you're running Sterling Selling and
Fulfillment Foundation components
as Web services with API security enabled, you must expose the Login
API as a Web service. Additionally, you must call the Login API, capture
the security token that is generated at login, and then set the token
as the "tokenId" in YFSEnvironment. For details about
the YFSEnvironment interface, see the Sterling Selling and
Fulfillment Foundation Javadocs.
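
The token flow described in the note, as an added example that is not IBM's code: a client session that refuses to call any API before login, fails closed when the login response carries no token, and sets the captured token as `tokenId` in the environment it sends. Only `tokenId` comes from this page; the `Login`, `LoginID`, `Password` and `UserToken` names, the `userId` and `progId` attributes, the XML form of YFSEnvironment, and the `fake_transport` stand-in are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed attribute name for the token in the login response (not from the page).
TOKEN_ATTR = "UserToken"


class LoginRequired(Exception):
    """Raised when no security token is available for an API call."""


class ApiSession:
    def __init__(self, transport, user_id, prog_id):
        # transport(api_name, env_xml, input_xml) -> response XML string
        self._transport = transport
        self._user_id = user_id
        self._prog_id = prog_id
        self._token = None  # kept private; never log this value

    def environment_xml(self):
        """Build the YFSEnvironment element; tokenId is present only after login."""
        env = ET.Element("YFSEnvironment", userId=self._user_id, progId=self._prog_id)
        if self._token is not None:
            env.set("tokenId", self._token)
        return ET.tostring(env, encoding="unicode")

    def login(self, password):
        req = ET.Element("Login", LoginID=self._user_id, Password=password)
        raw = self._transport("login", self.environment_xml(),
                              ET.tostring(req, encoding="unicode"))
        token = ET.fromstring(raw).get(TOKEN_ATTR)
        if not token:
            # Fail closed: without a token there is no authenticated session.
            raise LoginRequired("login response carried no security token")
        self._token = token

    def call(self, api_name, input_xml):
        # Authentication comes first: the Login API precedes every other API.
        if self._token is None:
            raise LoginRequired(f"{api_name} called before login")
        return self._transport(api_name, self.environment_xml(), input_xml)


def fake_transport(api_name, env_xml, input_xml):
    """Constructed stand-in for the Web service endpoint, so the example runs offline."""
    if api_name == "login":
        return '<Login LoginID="alice" UserToken="constructed-token-123"/>'
    if ET.fromstring(env_xml).get("tokenId") != "constructed-token-123":
        return '<Errors><Error ErrorDescription="invalid token"/></Errors>'
    return f'<Output api="{api_name}"/>'
```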