For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Client security APIs

Learn about the MobileFirst security client APIs for issuing resource requests and handling security challenges.


OAuth resource-request APIs

IBM MobileFirst™ Platform Foundation provides two alternative sets of OAuth client APIs for accessing protected resources:


Challenge-handler APIs

The client application uses challenge handlers to handle the client-side security logic and the related user interaction, and to respond to security challenges. See OAuth scopes, security checks, and challenge handlers. You must implement and register a challenge handler for each custom security check that is applicable to your application (namely, security checks that are used to protect resources required by the application). In addition, you can customize the default MobileFirst challenge handler for displaying the user interface (UI) of the mobile-application management features (see Mobile-application management).

Creating a challenge handler
When communicating directly with MobileFirst Server, create a MobileFirst security-check challenge handler:

In gateway topologies, create a custom gateway challenge handler:

Registering a challenge handler
Use the relevant API to register your challenge handler:

The security-challenge object
The security challenge is passed to the application within a JSON object that contains data pairs of a security-check name and an optional JSON object with additional data (or null if no additional data is required):

{
    "challenges": {
        "SecurityCheck1":null,
        "SecurityCheck2":{
            "PropertyName": "PropertyValue"
            [...]
        }
    }
}
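
The following JavaScript is an added example, not code from the original page or the MobileFirst SDK. It parses a challenge object of the shape shown above as untrusted input and routes each security check to the handler registered for it, reporting checks that have no handler; ChallengeRegistry, register, dispatch and the SAMPLE payload are hypothetical names constructed for illustration.

```javascript
// Hypothetical helper names; not MobileFirst SDK APIs.
function isPlainObject(v) {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

class ChallengeRegistry {
  constructor() {
    // A Map keeps server-chosen names such as "__proto__" from
    // resolving to inherited object properties.
    this.handlers = new Map();
  }

  register(securityCheck, handler) {
    if (typeof securityCheck !== "string" || securityCheck === "") {
      throw new TypeError("security-check name must be a non-empty string");
    }
    if (typeof handler !== "function") {
      throw new TypeError("handler must be a function");
    }
    this.handlers.set(securityCheck, handler);
  }

  // Checks each entry's shape, calls the handler registered for that
  // security check, and reports checks that have no handler.
  dispatch(rawJson) {
    const body = JSON.parse(rawJson); // throws SyntaxError if malformed
    const challenges = isPlainObject(body) ? body.challenges : undefined;
    if (!isPlainObject(challenges)) {
      throw new TypeError('payload has no "challenges" object');
    }
    const result = { handled: [], unhandled: [] };
    for (const [name, data] of Object.entries(challenges)) {
      if (data !== null && !isPlainObject(data)) {
        throw new TypeError(`data for ${name} must be an object or null`);
      }
      const handler = this.handlers.get(name);
      if (handler === undefined) {
        result.unhandled.push(name);
        continue;
      }
      handler(data);
      result.handled.push(name);
    }
    return result;
  }
}

// Constructed sample payload in the shape shown above.
const SAMPLE = '{"challenges":{"SecurityCheck1":null,"SecurityCheck2":{"PropertyName":"PropertyValue"}}}';
```

An entry in the unhandled list means a security check protects a resource the application uses but no challenge handler was registered for it.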

Sample implementations and guidelines
You can find sample challenge-handler implementations and related development guidelines in the following IBM MobileFirst Platform Foundation Development Center tutorials. See the relevant tutorial for your development platform.
