The API object has a security scheme that allows you to configure authentication and authorization.
Security in API objects through GAM works in the same way as in other objects that expose REST services. That is to say, you must enable the model security by setting the Enable Integrated Security property to True at the KB version level and selecting Rebuild All. Then, in the API object, you must configure the Integrated Security Level property by specifying whether you want Authentication or Authorization.
In your API object, you have to set REST Protocol property = True.
Detailed steps at: HowTo: Define an API object with a security scheme
Furthermore, the GAM Authentication and Authorization scenarios in the API object use the OAuth 2.0 protocol. Therefore, in the GAM Backend applications you have to select the "Allow authentication v.2.0?" and the "Can get user roles?" checkboxes.
Detailed steps at: HowTo: Configure the API object security scheme
In your API object, make sure that Generate OpenAPI interface property = Yes. After that, press F5, and GeneXus will generate the YAML file with the security information.
Now, you can use features like the Launchpad Tool Window to prototype the REST API. When using those tools, you must paste the Client Id and Client Secret information taken from the GAM Backend.
Note: You should keep in mind that the Client Id is the Application Identifier in GAM (GAM - Applications), and you can have more than one Client Id in GAM.
Detailed steps at: HowTo: Access secure REST services defined via API Objects
HowTo: Define an API object with a security scheme
HowTo: Configure the API object security scheme
HowTo: Access secure REST services defined via API Objects