CMT Behavioural Data Integration API
Security and API Policies
Client ID Enforcement policy
The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered client applications. The policy ensures that the client credentials sent on each request have been approved to consume the API.
When a client application is registered in Anypoint Platform, a pair of credentials consisting of a client ID and client secret is generated. When the client application requests access to an API, a contract is created between the application and that API. An API that is protected with a Client ID Enforcement policy is accessible only to applications that have an approved contract.
Policy Overview:
| Policy Name | Summary | Category | Returned Status Codes |
|---|---|---|---|
| Client ID Enforcement-Policy Name | Allow access only to authorized client applications--Summary | Compliance-Category | Accepted-202 (Return expected output client application) Failed-401 (No authorized)--Returned Status Codes |
Request to contain below 2 elements in header: client_id and client_secret
Martech+ Market Enforcement policy
The MartechPlus Access enforcement policy restrict access to a protected resource. The policy ensures that a pair: client_id and market (identified in the header "market") sent on each request have been approved to consume the API.
This policy avoid to send data to another market from a specific client_id.
Request to contain below this elements in header: client_id and market