This documentation is for WSO2 API Manager 1.10.0.
Page Comparison - Generating Access Tokens with User Credentials - Password Grant Type (v.5 vs v.6) - API Manager 1.10.0 - WSO2 Documentation


...

Invoking the Token API to generate tokens 
  

  1. Combine the consumer key and consumer secret in the format consumer-key:consumer-secret and encode the combined string using base64. Encoding to base64 can be done using the URL: http://base64encode.org.

     Here's an example consumer key and secret combination: wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue. And here's the string encoded from the example: d1U2MkRqbHlEQm5xODdHbEJ3cGxmcXZtQWJBYTprc2RTZG9lZkREUDd3cGFFbGZxdm1qRHVl.

     The encoded string should be used in the header of the cURL command.

  2. Access the Token API by using a REST client such as cURL, with the following parameters.
    • Assuming that both the client and the API Gateway are run on the same server, the Token API URL is https://localhost:8243/token
    • payload - "grant_type=password&username=<username>&password=<password>&scope=<scope>". Replace the <username> and <password> values as appropriate.

      Tip: <scope> is optional.

      If you define a scope for an API's resource, the API can only be accessed through a token that is issued for the scope of the said resource. For example, if you define a scope named 'update' and issue one token for the scopes 'read' and 'update', the token is allowed to access the resource. However, if you issue the token for the scope named 'read', the request to the API will be blocked.

    • headers - Authorization: Basic <base64 encoded string>, Content-Type: application/x-www-form-urlencoded. Replace the <base64 encoded string> as appropriate.          

    For example, use the following cURL command to access the Token API. It generates two tokens: an access token and a refresh token. You can use the refresh token when the access token is renewed.

    curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic d1U2MkRqbHlEQm5xODdHbEJ3cGxmcXZtQWJBYTprc2RTZG9lZkREUDd3cGFFbGZxdm1qRHVl" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

    You receive a response similar to the following:

    Response:
    {
    	"scope":"default",
    	"token_type":"Bearer",
    	"expires_in":3600,
    	"refresh_token":"ca5a51f18b2edf4eaa9e4b871e42b58a",
    	"access_token":"f2c66f146278aaaf6513b585b5b68d1d"
    }
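
The two steps above as a shell sketch, added here as an example and not taken from the WSO2 documentation: it encodes consumer-key:consumer-secret locally, so the secret is never pasted into a third-party website, and lets curl URL-encode the credentials. The function names and the TOKEN_URL variable are assumptions.

```shell
# Added example, not WSO2 code; function names and TOKEN_URL are assumptions.

# Value for "Authorization: Basic <...>", built locally from key and secret.
# $1 = consumer key, $2 = consumer secret
basic_auth_value() {
    # printf adds no trailing newline to the input; tr strips the line
    # wrapping that some base64 tools apply to long output.
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print one string field of the flat JSON token response read from stdin.
# $1 = field name, e.g. access_token or refresh_token
json_string_field() {
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Request an access/refresh token pair with the password grant.
# $1 = consumer key, $2 = consumer secret, $3 = username, $4 = scope (optional)
request_token() {
    url=${TOKEN_URL:-https://localhost:8243/token}
    # Prompt for the password so it is not stored in shell history.
    printf 'Password for %s: ' "$3" >&2
    stty -echo; IFS= read -r password; stty echo; echo >&2
    # -k is kept from the page's command: it disables certificate checks and
    # only fits a test gateway on localhost with an untrusted certificate.
    # --data-urlencode keeps characters such as & + = inside a credential
    # from being read as form syntax; curl sets the form Content-Type itself.
    curl -sS -k \
        -H "Authorization: Basic $(basic_auth_value "$1" "$2")" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=$3" \
        --data-urlencode "password=$password" \
        ${4:+--data-urlencode "scope=$4"} \
        "$url"
}

# Usage (needs a running gateway):
#   request_token "$CONSUMER_KEY" "$CONSUMER_SECRET" admin | json_string_field access_token
```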

...