private static void ConfigureApis(HttpSelfHostConfiguration configuration)
        {
            // authentication
            var authConfig = AuthenticationConfig.CreateConfiguration();
            authConfig.ClaimsAuthenticationManager = new ConsultantsClaimsTransformer();
            configuration.MessageHandlers.Add(new AuthenticationHandler(authConfig));

            // authorization
            configuration.SetAuthorizationManager(new GlobalAuthorizationManager(DefaultPolicy.Deny));

            // CORS
            CorsConfig.RegisterGlobal(configuration);

            // dependency resolver for authorization manager
            configuration.DependencyResolver = new AuthorizationDependencyResolver();
        }