This documentation is for WSO2 IoT Server 3.2.0. View the documentation for the latest release.
Application Management REST APIs - IoT Server 3.2.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

WSO2 IoT Server is 100% API driven. Therefore, you can create, publish and install the application using the application management APIs. 

Obtain the access token

You can obtain an access token by providing the resource owner's username and password as an authorization grant. It requires the base64 encoded string of the consumer-key:consumer-secret combination. Let's take a look at how it's done.

  1. Encode the client credentials as follows:

    echo -n <USERNAME>:<PASSWORD> | base64

    Example:

    echo -n admin:admin | base64

    The response:

    YWRtaW46YWRtaW4=
    powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"<USERNAME>:<PASSWORD>\"))

    Example:

    powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"admin:admin\"))

    The response:

    YWRtaW46YWRtaW4=
  2. Generate the Client ID and the Secret ID.

    App publisher

    curl -X POST -H "Authorization: Basic <BASE 64 ENCODED USERNAME:PASSWORD>" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_publisher","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://<IOTS_HOST>:<IOTS_HTTP_PORT>/client-registration/v0.11/register

    App store

    curl -X POST -H "Authorization: Basic <BASE 64 ENCODED USERNAME:PASSWORD>" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_store","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://<IOTS_HOST>:<IOTS_HTTP_PORT>/client-registration/v0.11/register
    • The base 64 encoded USERNAME :PASSWORD must be the username and password that you use to sign in to WSO2 IoT Server. Else, you will not be able to get the client_id and client_secret as the response.
    • The APIs that fall under different categories are grouped using tags. You subscribe to the API group by the tag you define in the cURL command.
      For example, the device_management tag is used to group all the device management APIs including those that belong to the device type APIs.
      To know about the available tags and the APIs grouped under each tag, navigate to the API Cloud Store, click on the available tags in the left side panel.

    Sample response:

    {"clientId":"xxxxxxxxxxxxxxxxxxxx","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"xxxxxxxxxxxxxxxxxxxx","isSaasApplication":true,"appOwner":null,"jsonString":"{\"grant_types\":\"password refresh_token\"}"}

    App publisher

    curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_publisher","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://localhost:9763/client-registration/v0.11/register

    App store

    curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_store","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://localhost:9763/client-registration/v0.11/register

    Sample response:

    {"clientId":"xEzeKlC81KYBVJfg65YBkikR6yYa","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"pd8ypwhnKRBw4hT1M1Ht0yti4uYa","isSaasApplication":true,"appOwner":null,"jsonString":"{\"grant_types\":\"password refresh_token\"}"}
  3. Encode the client credentials as follows:

    echo -n <CLIENT_ID>:<CLIENT_SECRET> | base64

    Example:

    echo -n f8fc0aI14DPrQ_DwkpSau1LGdwAa:p8g_rFXtbPjl5pGMJe4bNd5fwSEa | base64

    The response:

    cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh
    powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"<CLIENT_ID>:<CLIENT_SECRET>\"))

    Example:

    powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"f8fc0aI14DPrQ_DwkpSau1LGdwAa:p8g_rFXtbPjl5pGMJe4bNd5fwSEa\"))

    The response:

    cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh
  4. Generate the access token using the following command:

    curl -k -d "grant_type=password&username=<IOTS_USERNAME>&password=<IOTS_PASSWORD>&scope=<API_SCOPE>" -H "Authorization: Basic <BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET>" https://<IOTS_HOST>:<IOTS_HTTP_HOST>/oauth2/token

    The permission to invoke the APIs are assigned via the scope defined in each API. You can define all the scopes to generate an access token so you can invoke all the APIs or you can generate an access token that only has the required scope to invoke a specific API.

    For more information on all the device management API scopes, click on the publisher or store API links given below, click on the API you want to execute and use the scope defined for that API.
    Example:

    Generate the access token for the user having the username admin and password admin, and using the default WSO2 IoT Server host, which is localhost and the default HTTP port, which is 9763. In this example, we are generating an access token that has access to all the device management scopes.

    curl -k -d "grant_type=password&username=admin&password=admin&scope=appm:read" -H "Authorization: Basic EV6ZUtsQzgxS1lCVkpmZzY1WUJraWtSNnlZYTpwZDh5cHdobktSQnc0aFQxTTFIdDB5dGk0dVlh" https://localhost:9763/oauth2/token

    The response:

    {"access_token":"71885e4e-ae31-3195-9025-f116a82bc460","refresh_token":"22ef113d-1093-378e-a3f8-24369e3114c5","scope":"appm:read","token_type":"Bearer","expires_in":3600}

    The access token you generated expires in an hour. After it expires you can generate a new access token using the refresh token as shown below.

App management APIs

  • No labels