Page History
...
- Combine the consumer key and consumer secret keys in the format consumer-key:consumer-secret and encode the combined string using base64. Encoding to base64 can be done using the URL: http://base64encode.org.
Here's an example consumer key and secret combination :wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.
- Access the Token API by using a REST client such as the WSO2 REST Client or Curl, with the following parameters.
- Assuming that both the client and the API Gateway are run on the same server, the token API url is https://localhost:8243/token
- payload -
"grant_type=password&username=<username>&password=<password>&scope=PRODUCTION"
. Replace the<username>
and<password>
values as appropriate. - headers -
Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded
. Replace the<base64 encoded string>
as appropriate.
For example, use the following cURL command to access the Token API. It generates two tokens as an access token and a refresh token. You can use the refresh token at the time a token is renewed .
Code Block curl -k -d "grant_type=password&username=<username>&password=<password>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Warning The Token API endpoint is specified in
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
file. When running the server on a different port from the default (i.e., 9443), or if your Key Manager is running on a different machine from your API Gateway, you must update the endpoint inside the_TokenAPI_.xml
file as described in the prerequisites.Info icon false User access tokens have a fixed expiration time, which is set to 60 minutes by default. Before deploying the API manager to users, extend the default expiration time by editing the
<AccessTokenDefaultValidityPeriod>
tag in<PRODUCT_HOME>/repository/conf/identity.xml
.When a user access token expires, the user can try regenerating the token as explained in the Renew user tokens section.
...
- Combine the consumer key and consumer secret keys as
consumer-key:consumer-secret
and encode the combined string using base64 using http://base64encode.org. Here's an example consumer key and secret combination:wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.
- Access the Token API using a REST client such as the WSO2 REST Client or Curl. The parameters are explained below:
- Assuming that both the client and the API Gateway run on the same server, the Token API URL is https://localhost:8243/token.
- payload -
"grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<SAML2_Encoded_Assertion_Token>
&scope=PRODUCTION"
. Replace the<SAML2_Encoded_Assertion_Token>
value as appropriate. - headers -
Authorization :Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded
. Replace the<base64 encoded string>
as appropriate.
For example, use the following cURL command used to access the Token API generates an access token and a refresh token. You can use the refresh token at the time a token is renewed.
Code Block curl -k -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<SAML2_Encoded Assertion>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Warning The Token API endpoint is specified in
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
file. When running the server on a different port from the default (i.e., 9443), or if your Key Manager is running on a different server from your API Gateway, you must update the endpoint inside the_TokenAPI_.xml
file as described here.
...
Code Block |
---|
curl -k -d "grant_type=refresh_token&refresh_token=<retoken>&scope=PRODUCTION" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh," -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token |
...