You can use the Token API to invoke an API through a third-party application like a mobile app. The Token API comes bundled with the API Manager by default. It requires the base64 encoded string of the
For instructions to generate an application-level access token from the API Store, see
- Combine the consumer key and consumer secret keys in the format consumer-key:consumer-secret and encode the combined string using base64. Encoding to base64 can be done using the URL:
Here's an example consumer key and secret combination :
- Access the Token API by using a REST client such as the
- Assuming that both the client and the API Gateway are run on the same server, the token API url is https://localhost:8243/token
- payload -
"grant_type=password&username=<username>&password=<password>&scope=PRODUCTION". Replace the
<password>values as appropriate.
- headers -
Authorization :Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace the
<base64 encoded string>as appropriate.
For example, use the following cURL command to access the Token API. It generates two tokens as an access token and a refresh token. You can use the refresh token at the time a.
curl -k -d "grant_type=password&username=<username>&password=<password>&scope=PRODUCTION" -H "Authorization :Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
The Token API endpoint is specified in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml file [where _LoginAPI_.xml is the deprecated API]. When running the server with different port offsets from the default port (i.e., 9443), you need to update the endpoints defined inside the _TokenAPI_.xml and _LoginAPI_.xml files with that offset. See Changing the Default Ports with Offset.
Info icon false
User access tokens have a fixed expiration time, which is set to 60 minutes by default. Before deploying the API manager to users, extend the default expiration time by editing the
<AccessTokenDefaultValidityPeriod>tag in <PRODUCT_HOME>/repository/conf/identity.xml.
When a user access token expires, the user can try regenerating the token as explained in the Renew user tokens section. or Curl, with the following parameters.