API Connect on premise – manage secure external api

API Connect on premise –

We have a scenario were we consume a 3rd party API and publish it internally on API Connect – we proxy it- for our registered developers to consume.

The 3rd party API is secured and requires a username password. We do not want to share this information with our internal developers. As part of taking the 3rd party external API under management what is a good practice to store the credentials in such a scenario?