Authenticating Access to a TIBCO ActiveMatrix BPM Service
You can use different methods to include authentication information when invoking a TIBCO ActiveMatrix BPM service.
At runtime, security policies are enforced on the endpoint of every TIBCO ActiveMatrix BPM service to ensure that access is restricted to authenticated users. Every API call to a TIBCO ActiveMatrix BPM service must be made using the identity of a user who is registered in the BPM organization model. An API call that does not meet this requirement is rejected.
TIBCO ActiveMatrix BPM supports the following authentication types:
Additional security mechanisms or techniques can be used to enhance the security of any call to a BPM service according to specific business requirements - for example, the use of SSL or message-level encryption. These mechanisms and techniques are, however, not specifically needed to access BPM services, and so are not discussed further here. See the TIBCO ActiveMatrix runtime documentation for more information about security mechanisms and techniques used by the TIBCO ActiveMatrix runtime.