Skip to content

Commit

Permalink
Add allow list to expose Developer portal
Browse files Browse the repository at this point in the history
  • Loading branch information
PasanT9 committed Oct 30, 2024
1 parent f2f3778 commit 4975fac
Showing 1 changed file with 14 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -812,12 +812,25 @@ This section provides a list of security guidelines for configuring the network
<p><strong>Note:</strong> </p>
<p>It is recommended to use an allowlisting approach when allowing access to resources in your product from the DMZ level.</p>

<p>For the API-M Developer Portal, exposing the following paths would be sufficient:</p>
<ul>
<li>https://&lt;host&gt;:&lt;port&gt;/devportal</li>
<li>https://&lt;host&gt;:&lt;port&gt;/devportal/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/api/am/devportal/v3/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oauth2/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oidc/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/authenticationendpoint/*</li>
<li>https://&lt;host&gt;:&lt;port&gt;/logincontext</li>
<li>https://&lt;host&gt;:&lt;port&gt;/oauth2/authorize</li>
<li>https://&lt;host&gt;:&lt;port&gt;/commonauth</li>
<li>https://&lt;host&gt;:&lt;port&gt;/accountrecoveryendpoint/*</li>
</ul>

</td>
</tr>
</tbody>
</table>


## Configure client authentication

Client authentication is used to identify the application or the client that is making the request.
Expand Down

0 comments on commit 4975fac

Please sign in to comment.