Registering as Consumers of an API
Clients that need to call (consume) APIs must register with CentraSite as consumers of the API.
Clients can register as consumers of APIs as a:
Consumer application (which is represented as an
Creating a Consumer Application). An Application asset defines precise consumer identifiers (for example, a list of user names in HTTP headers, a range of IP addresses, etc.). Thus Mediator can identify or authenticate the consumers that are requesting an API. For procedures, see Unauthorized User Accessing API as a Guest.
The API provider (owner of the API) enforces the type of authentication (API key or OAuth2 token) required for consuming an API. Based on the authentication enforced for the API, an API consumer will request the API key or the OAuth2 token in order to call (consume) that API.
Clients that want to use the API key to call (consume) an API in CentraSite must:
1. Register as a consumer for the API.
When the client registration request is approved, the client receives an API key (a base64-encoded string of the consumer-key:consumer-secret combination). It works for both SOAP and REST calls.
2. To call the API, the client must pass the API key in the HTTP request header or as a query string parameter. The use of this key establishes the client's identity and authentication.
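The key format described above is an encoding, not encryption: anyone who sees the key can recover the consumer secret, and a key sent as a query string parameter is commonly written to access logs. The following added example (not part of the CentraSite documentation) decodes a constructed key and masks keys in log lines; the parameter name `apikey`, the log layout and all sample values are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

# Assumption: the key travels in a query parameter named "apikey" (hypothetical name).
PARAM = "apikey"
_QS = re.compile(r'([?&]' + re.escape(PARAM) + r'=)([^&\s"]+)', re.IGNORECASE)


def make_api_key(consumer_key, consumer_secret):
    """Build a key in the format the page describes: base64(key:secret)."""
    pair = f"{consumer_key}:{consumer_secret}".encode("utf-8")
    return base64.b64encode(pair).decode("ascii")


def split_api_key(api_key):
    """Return (consumer_key, consumer_secret), or None if not in that format."""
    try:
        raw = base64.b64decode(api_key, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    key, sep, secret = raw.partition(":")
    return (key, secret) if sep and key and secret else None


def redact_line(line):
    """Mask API keys in a log line; return (clean_line, consumer_keys_seen)."""
    seen = []

    def _mask(match):
        # Query strings percent-encode '=' and '+', so decode before parsing.
        parts = split_api_key(unquote(match.group(2)))
        if parts:
            seen.append(parts[0])  # keep only the non-secret half for triage
        return match.group(1) + "[REDACTED]"

    return _QS.sub(_mask, line), seen


# Constructed sample data, not real credentials or real log output.
SAMPLE_KEY = make_api_key("orders-app", "constructed-secret")
SAMPLE_LINE = f'10.0.0.5 - - "GET /ws/orders?id=7&apikey={quote(SAMPLE_KEY)} HTTP/1.1" 200'

if __name__ == "__main__":
    print(split_api_key(SAMPLE_KEY))  # the secret is recoverable by any reader
    print(redact_line(SAMPLE_LINE))
```

Passing the key in the HTTP request header instead of the query string keeps it out of the request line that access logs usually record.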
The type of OAuth2 authorization grant that Mediator supports is “Client Credentials”. Client credentials are used as an authorization grant when the client is requesting access to protected resources based on an authorization previously arranged with the authorization server. That is, the client application gains authorization when it registers with CentraSite as a consumer.
Clients that want to use the OAuth 2.0 protocol to call (consume) APIs in CentraSite must:
1. Register as a consumer for the API.
When the client registration request is approved, the client receives client credentials (a client_id and client_secret).
2. Pass the client credentials to the Mediator-hosted REST service mediator.oauth2.getOAuth2AccessToken.
3. To call the API, the client must pass their OAuth access token as an integral part of the HTTP request header.
An OAuth2 token is a unique token that a client uses to invoke APIs using the OAuth 2.0 protocol. The token contains an identifier that uniquely identifies the client. The use of a token establishes the client's identity, and the token is used for both authentication and authorization.