Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Add a new idea Subscribe
Status Planned for future release
Workspace webMethods Integration SaaS
Created by Guest
Created on Sep 4, 2025

RELATED IDEAS

Organization in the OAuth for REST APIs in webMethods iPaaS

Is not as advanced as in API Connect (no developer organizations, no owners, admins or dev users, no application, just simple credentials floating all together in a big ocean

Idea priority High
  • Admin
    John Carter
    Sep 29, 2025

    We are introducing a complete rethink for authorization and access control. 1st iteration is planned for Q4 and primarily aimed at securing Edge based Runtimes (ERTs) using basic auth. However, we will then expand it to other assets types and auth protocols.

    fyi, it will no longer be based on platform users, and instead distinct logical applications that you define yourself.

    Reply
  • Guest
    Sep 4, 2025

    Even more reasons: normally our consumers are apps and scripts rather than humans, therefore we have to add lots of new users into webmethods as technical accounts, that we have to share with our consumers, so they would provide both JWT and Basic Auth in their original call towards APIC, and APIC would propagate both towards webMethods. Else, we would have to store those credentials into the APIC swagger (HARDCODED) which is a bad, bad practice. 
    And even so, there's no easy way to segregate access to each user based on the basic auth. Without the JWT validation (with scopes, role and audience), everybody would have been able to skip API Connect and call wm.io directly and once you do that, all APIs from all projects would have been free to use without rate-limiting and role based access.

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.