Expand | ||||||
---|---|---|---|---|---|---|
| ||||||
|
OAuth enables you to authorize apps authorization of applications by generating an Access Token and then by verifying this access token which is generated instead instead of relying on a specific password.
This section explains steps to set up Client Credentials grant type among the four grant types mentioned in OAuth 2.0 specification. In this grant type, the client can request an access token using only its client credentials (consumer key and secret)You have come across the topics
Tip | ||
---|---|---|
|
...
|
...
|
Now, go through the below sections to know Sections below explain how to use OAUTH mentioned in the sections above sections.
Configuring OAUTH Token End Point
...
From the API Dashboard, click API Projects - Manage API Projects and select OAuth Token End Point option from Add API Project drop-down list present in the upper-right part of the API Projects panel.
Figure 1: Providing attributes to create OAuth Token End Point Project
Following The following values are used in the above figure as a sample:
...
After creating the project, double-click the AccessToken project to get into the project. Notice the below configuration settings that take place automatically:
a) Go to the Policies section to check that the OAUTH Token End Point Policy is set.
Figure 2: OAuth Token End Point Policy Configuration auto-populated
b) Go to the Resources section to check that the OAUTH Token End Point Policy is added to the Proxy Request endpoint.
...
Deploy the OAUTH Token Endpoint project
Now To deploy the project;, select the AccessToken project, click the Deploy button and then choose the a Server GroupsGroup of your choice.
This project acts as an endpoint to generate access tokens . Publish this which can be published to clients for obtaining tokens.
...
Now that the Access Token Endpoint is ready to receive requests from the clients with valid registration, create an the OAuth Verify Access Token policy can be created and attach it attached to the Proxy Request endpoint of the resource. You This can do this be done while creating a project as well as or to the an existing oneproject.
While creating a project
While creating a new REST/HTTP or WSDL project, choose the "OAuth 2.0 Access Tokens" option for the Secure API with a property property.
Figure 4: Choosing to apply OAuth Access Token while creating a project
Open the project and notice the following configuration settings that take place automatically:
a) Go to to the Policies section to check that the Verify Token Policy configuration is set.
Info |
---|
The following configuration settings that take place automatically |
Figure 5: OAuth Verify Access Token Policy added to Proxy Request endpoint in Resources
b) Go to to the Resources section to check that the Verify Token Policy is added to the Proxy Request endpoint.
Figure 5: OAuth Verify Access Token Policy Configuration Auto -populated
To an existing project
You need to manually add the policy and attach it to the resource while working with an already existing project.
Refer the Adding With an already existing project, the policy needs to be manually added and attached to the resource.
Refer to the Adding a Policy section and the previous section OAUTH 2.0 to add for adding the OAuth Verify Access Token policy and for manually select selecting the Query option as the access token location.
Go to the Resources section, click the Proxy Request endpoint in the DefaultResource and add the OAuth Verify Access Token policy by clicking the Edit button and then using the left arrow button.
...
Configuring Client Subscription and Generating API Key
Now create Create a product and add the OAuth-secured API project to it, create . Then create a Client and then create Client Subscriptions. To do this, use Apps - Manage API Products and Client Subscriptions prompt in the Dashboard and follow the steps mentioned in the Adding Products, Clients and Client Subscriptions section.
...
Figure 7: Generating Consumer Key and Consumer Secret
By this, When the set up from the API Dashboard is over and , the client may be provided with the keys that are generated for their communication.
Obtaining access token from Token Endpoint
Now, when When the client sends a request which carries a valid Consumer Key and Consumer Secret to the Token End Point in order to get an access token, the Token End Point verifies the credentials and returns the access token back to the client.
...
After receiving the Access Token, it is sent along with the request as a query parameter(since Query is set in VerifyAccessTokenPolicy) to access the protected API. Now the request The Request URL will be in the following format:
...