The API Consumption Model Using OAuth 2.0 Tokens
To enable a consumer to access and use an API using OAuth 2.0 access token, the following events must occur:
1. The consumer sends a request to consume an API. The request must include the consumer's authentication credentials.
2. CentraSite generates the OAuth 2 Client Id and Client Secret for consumption of the API (the specific OAuth 2.0 token generation steps depend on the configuration settings defined by the Provider (owner) of the API). Later, CentraSite prepares the API for publishing and invokes the OAuth 2 Client Generation policy in Mediator.
3. The OAuth 2 Client Generation policy publishes the OAuth 2.0 token to Mediator.
4. If publish of the OAuth 2.0 token is successful, the OAuth 2 Client Generation policy returns a success message with details including OAuth 2 Client Id, Client Secret, and URL to obtain the access token for consuming the API. If publish of the OAuth 2.0 token is unsuccessful, the deployer service returns a failure message.
5. CentraSite generates the OAuth 2.0 token using the OAuth 2 Client Id, Client Secret, and access token URL.
6. The consumer accesses the URL for API consumption, sends the OAuth 2.0 token as an integral part of the HTTP/SOAP request header, and upon validation of the OAuth 2.0 token consumes the API.
7. If the consumption is successful, the consumer uses the API. If the consumption is unsuccessful for some reasons of authorization, a 500 fault is returned.