Page History
...
- Combine the consumer key and consumer secret keys in the format consumer-key:consumer-secret and encode the combined string using base64. Encoding to base64 can be done using the URL: http://base64encode.org.
Here's an example consumer key and secret combination :wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.
- Access the Token API by using a REST client such as the WSO2 REST Client or Curl, with the following parameters.
- Assuming that both the client and the API Gateway are run on the same server, the token API url is https://localhost:8243/token
- payload -
"grant_type=password&username=<username>&password=<password>&scope=PRODUCTION"
. Replace the<username>
and<password>
values as appropriate. - headers -
Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded
. Replace the<base64 encoded string>
as appropriate.
For example, use the following cURL command to access the Token API. It generates two tokens as an access token and a refresh token. You can use the refresh token at the time a token is renewed .
Code Block curl -k -d "grant_type=password&username=<username>&password=<password>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Note The Token API endpoint is specified in the
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
file (note that_LoginAPI_.xml
is the deprecated API).When running the server with ports different to the default (i.e., 9443), you must update the endpoints defined inside the default APIs accordingly (
_TokenAPI_.xml,
_LoginAPI_.xml
etc.). See Changing the Default Ports with Offset.Info icon false User access tokens have a fixed expiration time, which is set to 60 minutes by default. Before deploying the API manager to users, extend the default expiration time by editing the
<AccessTokenDefaultValidityPeriod>
tag in<PRODUCT_HOME>/repository/conf/identity.xml
.When a user access token expires, the user can try regenerating the token as explained in the Renew user tokens section.
...
Code Block |
---|
curl -k -d "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token |
...
- Combine the consumer key and consumer secret keys as
consumer-key:consumer-secret
and encode the combined string using base64 using http://base64encode.org. Here's an example consumer key and secret combination:wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.
- Access the Token API using a REST client such as the WSO2 REST Client or Curl. The parameters are explained below:
- Assuming that both the client and the API Gateway run on the same server, the Token API URL is https://localhost:8243/token.
- payload -
"grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<SAML2_Encoded_Assertion_Token>
&scope=PRODUCTION"
. Replace the<SAML2_Encoded_Assertion_Token>
value as appropriate. - headers -
Authorization :Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded
. Replace the<base64 encoded string>
as appropriate.
For example, use the following cURL command used to access the Token API generates an access token and a refresh token. You can use the refresh token at the time a token is renewed.
Code Block curl -k -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<SAML2_Encoded Assertion>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Warning The Token API endpoint is specified in
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
file. When running the server with ports different to the default (i.e., 9443), you must update the endpoints defined inside the_TokenAPI_.xml
file accordingly. See Changing the Default Ports with Offset.