A common API Management use case is that an API should not be accessible to anyone, but only to authorized users. To secure your REST APIs, we recommend to use the Keycloak OAuth policy for user authentication. If additional user authorization (with roles) is required, we recomment to extend your setup with the Authorization policy.
Keycloak OAuth: Use this policy to secure your API via Keycloak. This Keycloak-specific OAuth2 policy should be your first choice to secure an API in the PAS environment.
Refer to Authentication With Keycloak OAuth for details.