In many cases, your applications and APIs need to take end-user identity into consideration. There are two ways this can be implemented in WSO2 API Cloud:
- Using WSO2 Cloud's identity store and 'Application & Application User' authorization, or
- Using a backend identity store and the X-Authorization header.

With a backend identity store and the X-Authorization header, the flow is as follows:
- The application uses the Authorization bearer header with the application token to communicate with the gateway. The token can be obtained manually from the API Store or programmatically using the token APIs.
- The application then prompts the end user for a username and password, authenticates against the backend service, and gets the corresponding OAuth token from it.
- In all subsequent calls, the application passes two headers: Authorization with the application token for the API Cloud gateway, and X-Authorization with the user token for the backend.
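
The two-header flow above as a small offline simulation. This is an added example, not WSO2 code. The `Backend` and `gateway` stand-ins, the Bearer scheme on X-Authorization, and the gateway passing both headers through unchanged are assumptions, and all tokens and credentials are constructed.

```python
import hmac
import secrets

APP_TOKEN = "app-token-constructed"  # constructed; really issued by the API Store or token APIs

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

class Backend:
    """Hypothetical backend service with its own identity store."""
    def __init__(self, users):
        self._users = users   # username -> password, constructed sample data
        self._issued = {}     # user token -> username

    def login(self, username, password):
        """Step 2: authenticate the end user and issue a user token."""
        if username not in self._users or not _same(self._users[username], password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._issued[token] = username
        return token

    def handle(self, headers):
        """The backend, not the gateway, resolves the end user from X-Authorization."""
        scheme, _, token = headers.get("X-Authorization", "").partition(" ")
        user = self._issued.get(token) if scheme == "Bearer" else None
        return (200, user) if user else (401, None)

def gateway(headers, backend):
    """Steps 1 and 3, gateway side: check the application token, then pass headers on (assumed)."""
    if not _same(headers.get("Authorization", ""), f"Bearer {APP_TOKEN}"):
        return 401, None
    return backend.handle(headers)

def call_headers(app_token, user_token):
    """Step 3, client side: both tokens on every call, each in its own header."""
    return {"Authorization": f"Bearer {app_token}", "X-Authorization": f"Bearer {user_token}"}

def redact(headers):
    """Both headers carry bearer secrets, so mask them before logging a request."""
    secret = {"authorization", "x-authorization"}
    return {k: "***" if k.lower() in secret else v for k, v in headers.items()}

if __name__ == "__main__":
    backend = Backend({"alice": "correct horse"})
    headers = call_headers(APP_TOKEN, backend.login("alice", "correct horse"))
    print(gateway(headers, backend), redact(headers))
```

A valid application token alone does not identify a user: a request with a missing, forged, or swapped X-Authorization value passes the gateway check here and is rejected only by the backend.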