API Access

A custom application can consume the capabilities of IBM Security Verify either via single sign-on (SAML or OpenID Connect) or by directly calling the IBM Security Verify REST APIs.

When integrating via single sign-on, the client needs to be a browser (or an embedded browser in a native application). During the single sign-on flow, the browser is re-directed to IBM Security Verify in the cloud which takes control of the session and presents the pages associated with the login flow.

In cases where the client is not a browser, or where the user experience needs to stay under the control of the application, integration via our REST APIs gives direct access to IBM Security Verify capabilities.

Even an application that has its primary integration via single sign-on may want to use REST APIs to access capabilities such as account registration or account management.

A Native Application is an application that is integrated directly with IBM Security Verify using our REST APIs rather than (or in addition to) being integrated via Single Sign-On.

The articles in this section describe the different ways that a native application can access our REST APIs and why you might choose one method over another.