• https://apim.docs.wso2.com/en/4.4.0/design/api-security/configuring-api-security-audit/
• https://apim.docs.wso2.com/en/4.4.0/design/api-security/oauth2/oauth2-scopes/fine-grained-access-control-with-oauth-scopes/

通过Endpoint Security添加认证

• basic auth 基本认证，base64(username:password)
• digest auth 摘要认证，HA1 = MD5(username:realm:password) HA2 = MD5(method:requestURI) response = MD5(HA1:nonce:HA2)
• oauth2.0 开放授权标准

basic认证

oauth2认证

通过polices添加固定的token

• 如果后端服务只提供了固定的token或者apikey，我们也可以通过polices为后端添加固定的请求头信息，将token放到请求头即可