Fetching and Using OAuth 2.0 Client Tokens for Consumption
If you are using the OAuth 2.0 protocol and you have successfully registered as a consumer for an API, you should have received your OAuth 2.0 client credentials (a client_id and client_secret).
You need to obtain an OAuth 2.0 access token from one of the REST services hosted by the authorization servers listed below:
| REST Services | Hosted by (authorization servers) |
|---|---|
| pub.apigateway.oauth2:getAccessToken | API Gateway |
You can include the obtained OAuth 2.0 access token in your requests to call the API.
The service's input parameters are:
- client_id
- client_secret
- scope (optional). The scope value is the name of the virtual service. If the scope value is valid, the authorization server obtains the access token. If no scope value is provided, the authorization server provides the access token for the scope in which the client is allowed and adds the scope to the response. To provide the scope, include it in the request body.
Using HTTPS for Granting Access Tokens
For security reasons, Software AG recommends using HTTPS in your production environment. If you are using HTTPS as the transport protocol over which the OAuth 2.0 access tokens are granted, you must set the parameter pg.oauth2.isHTTPS.
Responses Returned to Clients
Following are sample responses that are returned to the client:
Sample XML response (if API Gateway is used as authorization server):
<Response
xmlns="https://localhost/rest/pub.apigateway.oauth2:getAccessToken">
<access_token>db95b40095f31439a1cd8f411e64abe8</access_token>
<expires_in>3600</expires_in>
<token_type>Bearer</token_type>
</Response>
Sample JSON response:
{
"access_token": "db95b40095f31439a1cd8f411e64abe8",
"token_type": "Bearer",
"expires_in": 3600
}
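A client has to handle both response formats and stop using the token once expires_in has elapsed. The following is an added example, not Software AG code: the function names, the 30-second skew and the use of an `Authorization: Bearer` header (RFC 6750) are assumptions, and the sample bodies are constructed from the responses shown above.

```python
import json
import time
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples copying the two response formats shown on this page.
SAMPLE_XML = ('<Response xmlns="https://localhost/rest/pub.apigateway.oauth2:getAccessToken">'
              '<access_token>db95b40095f31439a1cd8f411e64abe8</access_token>'
              '<expires_in>3600</expires_in><token_type>Bearer</token_type></Response>')
SAMPLE_JSON = '{"access_token": "db95b40095f31439a1cd8f411e64abe8", "token_type": "Bearer", "expires_in": 3600}'


def require_https(token_url):
    """Reject a token endpoint that would carry client_secret in cleartext."""
    if urlsplit(token_url).scheme.lower() != "https":
        raise ValueError("token endpoint must use https")
    return token_url


def parse_token_response(body, now=None):
    """Normalise an XML or JSON token response into one dict."""
    text = body.strip()
    if text.startswith("<"):
        # Drop the "{namespace}" prefix ElementTree puts on each tag.
        fields = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip()
                  for el in ET.fromstring(text)}
    else:
        fields = json.loads(text)
    if not fields.get("access_token"):
        raise ValueError("response has no access_token")
    if str(fields.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    issued = time.time() if now is None else now
    return {"access_token": fields["access_token"],
            "expires_at": issued + int(fields["expires_in"])}


def auth_header(tok, now=None, skew=30):
    """Build the Authorization header, refusing a token at or near expiry."""
    current = time.time() if now is None else now
    if current >= tok["expires_at"] - skew:
        raise ValueError("access token expired; request a new one")
    return {"Authorization": "Bearer " + tok["access_token"]}


if __name__ == "__main__":
    tok = parse_token_response(SAMPLE_XML)
    print(auth_header(tok))
```

Call `require_https()` on the token URL before sending client_id and client_secret, and keep the parsed token out of logs.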