Authentication Options of the API Portal

Portal Authentication


To let your developers log in to your API Portal, you can choose from the following means of authentication:

  • E-mail and password signup and login
  • ADFS 3.0 Federation using your own ADFS instance (SAML)
  • GitHub Login
  • Google Login
  • Twitter Login
  • Generic OAuth2 login (JWT based)
  • SAML based SSO
  • ... more to come

For e-mail and password login, the portal supports reCAPTCHA to keep robots from signing up to your portal; additionally, you can configure the portal to validate e-mail addresses.

Sending lost password reset requests is also supported; you only have to supply the API Portal with SMTP credentials.


API Authentication

Any type of authentication that you have configured for the Portal can also be used to authenticate the use of any API registered in the API Portal. Wicked will federate any type of login to a standard OAuth 2.0 flow, e.g. to an Authorization Code Grant or the Implicit Grant. This also applies to logins using SAML. Your applications only need to implement generic OAuth 2.0; all other login types are federated by Wicked.

For simple machine-to-machine communication, you can also use plain API Keys.

Credentials, i.e. API Keys or Client ID and Client Secret, are generated automatically for each application and per API subscription, depending on how you choose to secure your API.

Need other means of authentication? File an issue on GitHub and tell us.

API Authorization


From version 1.0.0 on, Wicked packs a feature-rich Authorization Server with the installation. The Authorization Server can serve as a full-featured OAuth 2.0 Identity Provider, or it can be used to federate identities from a wide range of Identity Providers, such as Google, Twitter, GitHub, ADFS, generic OAuth 2.0 or even SAML.

The Authorization Server can federate these identities using a standard OAuth 2.0 flow, even if the federated identity provider is e.g. a SAML identity provider.

See also the documentation of the Demo Portal regarding support for the different OAuth 2.0 flows:


For more information, either see the documentation on GitHub or the use case descriptions on this microsite:


© 2016-2018 Haufe-Lexware GmbH & Co. KG