Jul 25, 2018

Implementing OAuth with Apigee






<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1">
    <DisplayName>OAuth v2.0-1</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <!-- Reject the request unless it carries a valid access token -->
    <Operation>VerifyAccessToken</Operation>
    <SupportedGrantTypes/>
    <GenerateResponse enabled="true"/>
    <Tokens/>
</OAuthV2>


This API is now protected by OAuth on the server, so we need a service that generates OAuth tokens. Create a Product that exposes this API and an App that has access to this Product. Note the Client ID and Client secret of this Developer App and get the Base64-encoded value of the string <client_id>:<client_secret>.
Set this value in Basic authorisation as shown.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1">
    <DisplayName>OAuth v2.0-1</DisplayName>
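    <!-- Token lifetime in milliseconds: 180000 ms = 3 minutes -->
    <ExpiresIn>180000</ExpiresIn>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <!-- Read the grant type from the grant_type request header -->
    <GrantType>request.header.grant_type</GrantType>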
    <GenerateResponse enabled="true"/>
</OAuthV2>

Now send a request for an OAuth token from Postman.


Note down the token returned by this call and set it in the header when sending a request to the actual API.
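
The same token flow scripted instead of clicked through in Postman, as an added example that is not part of the original post. The URLs, credentials and helper names are hypothetical placeholders, and the `access_token` field name and `Bearer` header are assumed to match what the two policies above produce and expect.

```python
import base64
import json
import urllib.request

# Hypothetical values: substitute your own proxy URLs and app credentials.
TOKEN_URL = "https://org-env.example.com/oauth/token"
API_URL = "https://org-env.example.com/v1/hello"


def basic_value(client_id, client_secret):
    """Base64 of "<client_id>:<client_secret>" for the Basic scheme."""
    if ":" in client_id:  # the first ':' is the separator, so the id cannot contain one
        raise ValueError("client_id must not contain ':'")
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")


def decode_basic(value):
    """Base64 is an encoding, not encryption: anyone who sees it gets the secret."""
    client_id, _, secret = base64.b64decode(value).decode().partition(":")
    return client_id, secret


def token_request(client_id, client_secret):
    """Token call: grant_type goes in a header because the GenerateAccessToken
    policy above reads request.header.grant_type."""
    headers = {"Authorization": "Basic " + basic_value(client_id, client_secret),
               "grant_type": "client_credentials"}
    return {"method": "POST", "url": TOKEN_URL, "headers": headers}


def api_request(token_response_body):
    """Take access_token from the JSON token response and build the API call."""
    token = json.loads(token_response_body).get("access_token")
    if not isinstance(token, str) or not token or any(c.isspace() for c in token):
        raise ValueError("no usable access_token in token response")
    return {"method": "GET", "url": API_URL,
            "headers": {"Authorization": "Bearer " + token}}


def send(req):
    """Send a request built above; refuse plain HTTP so credentials stay on TLS."""
    if not req["url"].startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    data = b"" if req["method"] == "POST" else None
    r = urllib.request.Request(req["url"], data=data, headers=req["headers"],
                               method=req["method"])
    with urllib.request.urlopen(r, timeout=10) as resp:
        return resp.read().decode()
```

With real values in place, `api_request(send(token_request(client_id, client_secret)))` builds the protected call and `send()` of that result performs it.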


Congratulations... you were able to get a response from an API that is protected by OAuth.