Skip to content

Commit

Permalink
Merge pull request #8544 from PasanT9/allow-list-master
Browse files Browse the repository at this point in the history
Add allow list to expose Developer portal
  • Loading branch information
PasanT9 authored Oct 30, 2024
2 parents 9f667af + 4975fac commit 327a2df
Showing 1 changed file with 14 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -812,12 +812,25 @@ This section provides a list of security guidelines for configuring the network
<p><strong>Note:</strong> </p>
<p>It is recommended to use an allowlisting approach when allowing access to resources in your product from the DMZ level.</p>

<p>For the API-M Developer Portal, exposing the following paths would be sufficient:</p>
<ul>
<li>https://&lt;host&gt;:&lt;port&gt;/devportal</li>
<li>https://&lt;host&gt;:&lt;port&gt;/devportal/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/api/am/devportal/v3/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oauth2/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oidc/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/authenticationendpoint/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/logincontext</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oauth2/authorize</li>
<li>https://&lt;host&gt;:&lt;port&gt;/commonauth</li>
<li>https://&lt;host&gt;:&lt;port&gt;/accountrecoveryendpoint/*</li>
</ul>

</td>
</tr>
</tbody>
</table>


## Configure client authentication

Client authentication is used to identify the application or the client that is making the request.
Expand Down

0 comments on commit 327a2df

Please sign in to comment.