Testing an OAuth Protected API

API Portal 10.7 | webMethods API Portal for All Users | Using and Testing APIs | OAuth 2.0 Support | Testing an OAuth Protected API

When an OAuth protected API is published from API Gateway to API Portal you require an OAuth2 access token to test the API. The Authorization server can be configured to use either HTTP or HTTPS connection to authorize requests. For information on enabling HTTPS mode for Authorization server in API Gateway see, API Gateway Administrator's Guide and webMethods Integration Server Administrator’s Guide.

To test an OAuth2 protected API

1. Switch to the API Gallery page.

Alternatively, go to the Home page and type the beginning of the API name in the search box.

2. Click View details for an API.

The API Details page opens.

3. Click Get access token if you are accessing the API for the first time, else proceed to step 6.

4. In the Request API access token dialog box, provide the Application name and Application description.

The application is created and listed in the Applications page.

5. Click Request token.

6. In the API details page, click Try API.

The application is listed in the Try API page.

7. Type a path parameter key and its value in the respective fields in the Parameter tab. You can add multiple entries by clicking

8. Provide the following information in the Authorization tab:

Authorization Type: Select OAuth.

Token name: Type a name for the token.

Grant type: Select the grant type to be used to authenticate the API. Available values are Authorization code, Implicit, Client Credentials.

The Authorization URL, Access token URL, Client Id, and Client secret are pre-populated depending on what grant type is selected.

9. Click Get token.

10. In the API Gateway Resource access approval page, click Approve.

This page lists all the APIs that are added as part of the application.

Note:
This step is applicable only if you have selected Authorization Code or Implicit in the Grant type field.

A token is generated and is listed under the available token list. An Authorization header is added along with the access token value.

11. Type in the required Header name(s) and corresponding value(s) in the Headers tab. You can add multiple entries by clicking

12. Select the access token and click Send.

The response is displayed.

To clear the values entered and response rendered, click Clear.