Creating OAuth2.0 access token using Apigee

We have a back-end server already running REST micro-service in any language framework. We have GET / POST APIs ready to be consumer by the consumer but we need to have authentication and authorization in place for obvious security purpose.

Hence once of the solution is to have OAuth authentication and Apigee provides us ready to consume framework for that.

4. Fill the app name and proxy base path for authetication API and click “Next”

5. Select as as below and click “Next”

6. Select virtual hosts as “Secure” and click next

7. Select only “test” environment to build and deploy. Click on “Build and Deploy”

8. Service will be built and deployed.

9. Click on the service to open it in editor. You will see 4 tabs on top right corner. Click on “Develop” tab. We need to configure service to perform authentication.

10. We will see screen like below when we open the API proxy.

11. Now we need to add a POST action on this API proxy and ensure that it performs authentication. Click on “+” on the Proxy Endpoints page. Fill details as below and click “Add”

12. We will see that a new POST end point as “authenticate” is added in “default” proxy. Click on this “authenticate” and then press “+ Step” button in the flow.

13. Now scroll to “OAuth v2.0” and click on “Add”.

14. Replace highlighted code in screenshot for add step with below code. Click on “Save” on top left of screen. If asked click on “Save as New Revision”, it will create a new revision as number “2”.

15. Now click on “Overview” tab and change “Deployment” to “test”. If asked agree to deploy latest revision number i.e. “2”. Refer below screenshot after deployment.

16. Now we have created authentication service which will authenticate the client id / secret key and generate access token in return. Next steps is to create a new product for the API, create a new Develop and add a new App to consume it.

Click on “PUBLISH” -> “API Products” -> “+ API Product”. Fill details and click “Save”. We are basically creating a product which a bundle of our API’s to be subscribed by the consumers. Our authenicate API’s will work for only those Developers which are subscribers for our product only.

Now we need to create a new Developer. Go to “PUBLISH” -> “Developers” -> “+ Developer”. Here we have created a Developer as “MyAppDeveloper”

Go to “PUBLISH” -> “Apps” -> “+App” and select the created Product and Developer in it.

Click on “Save”. This will create a many to many relation between Developer and API’s.

We have created the API along with API product, developer and developer App. Now we need to call the authentication API and generate access token.

Related posts:

103 Early Hints is an experimental status code. It can be used by a server to preemptively send headers to a client or intermediary. A client might be able to use these headers to make certain…

The darkness of my Advent is from my own eyes closed;. “Advent Avoidance” is published by Amie Tara Brodie.

From established projects with high valuations to low-valued new projects coming out of the gate, the Ethereum network acts as one of the main playgrounds for visionnaires. Ethereum processes over 1M…