The InterSystems IRIS has two major paths to a digital service: API/Web Service into Interoperability module and multimodel Database/Analytics. Each of them has your security configuration.
To do API security you apply an OAuth or JWT plug-in to the API endpoint. So in the Admin Portal, API producer and consumers get the keys to authenticate the API and consume it. The Admin Portal allows you configure RBAC policies too.