All Products
Search
Document Center

Cloud Config:Set API security authentication to JWT in API Gateway

Last Updated:Jun 16, 2026

An API in API Gateway is considered compliant if its security authentication is set to JSON Web Token (JWT).

Scenarios

API Gateway uses JSON Web Token (JWT), a structured token, to implement a user-based authorization mechanism for API access, meeting custom security requirements.

Risk level

Default risk level: Medium.

You can change the risk level based on your business requirements.

Detection logic

  • An API in API Gateway is compliant if its security authentication is set to JWT.

  • An API in API Gateway is non-compliant if its security authentication is not set to JWT. To resolve this issue, see Remediation.

Rule details

Parameter

Description

Rule name

Set API security authentication to JWT in API Gateway

Rule identifier

api-gateway-api-auth-jwt

Tag

ApiGateway, API

Auto-remediation

Not supported

Trigger mechanism

Periodic

Trigger frequency

24 hours

Supported resource types

API resources

Input parameters

None

Remediation

Set the API security authentication to JWT. For more information, see JWT-based token authentication.