How to configure HCM so that it only accepts HCM REST API requests from OCI API Gateway?
(Given HCM LBAC is already configured to restrict access to HCM to enterprise VPN users)
is it possible to restrict access to the HCM REST API to only requests coming from an OCI API Gateway?
The motivation is to enhance the security profile of the HCM REST API by adding Mutual Auth provided by the OCI API Gateway.
consumer - (mutual auth, internet) -> OCI API Gateway -( Oracle network) -> HCM REST API
How to ensure only requests coming from OCI API Gateway are allowed to be processed by the HCM REST API without impacting the HCM LBAC in place to manage the origin of the online users? That is: how to prevent direct access to the HCM REST API limiting access just to traffic from the OCI API Gateway