Enabling OAuth for Application using TIBCO API Exchange Manager

Using the TIBCO API Exchange Manager, you can access the target services deployed on the TIBCO API Exchange Gateway, as follows:

  • Using the API key. This is the default behavior. See the following guides on how to use the API key to access the target services:
    • TIBCO API Exchange Manager Administration
    • Adapter Code for TIBCO® API Exchange and Joomla! User's Guide
    • Adapter Code for TIBCO® API Exchange and Joomla! Administration
  • Using the access token issued by the OAuth server. See OAuth Server Endpoints.

This section explains how you can use TIBCO API Exchange Manager to register an application for OAuth authorization and generate the keys (client ID and client secret). After the client ID and client secret are sent to an application, exchange these keys to obtain an access token.

The following are the high-level steps to secure your application for OAuth authorization using TIBCO API Exchange Manager:

Procedure

  1. Enable Application for OAuth

    To enable any application for OAuth authorization using TIBCO API Exchange Manager, follow these steps:

    1. Log in to the TIBCO API Exchange Manager Joomla Administrator.
    2. Click the System > Global Configuration > API manager Config and Email template link.
    3. Set Enable OAuth to Normal.
    4. Save your settings.

      Refer to the following guides for details:

    • Adapter Code for TIBCO® API Exchange and Joomla! User's Guide
    • Adapter Code for TIBCO® API Exchange and Joomla! Administration
    Note: The Adapter Code for TIBCO® API Exchange and Joomla! User's Guide and Adapter Code for TIBCO® API Exchange and Joomla! Administration manuals are available at the following location: https://github.com/API-Exchange/JoomlaAdapter/wiki
  2. Register Application for OAuth

    When you create an application, set the following parameters of the application for OAuth authorization under Scopes:

    1. Set Enable OAuth to Yes.
    2. Select the Scope for an application, such as public.
    3. Enter the Redirect URL, which is required for the authorization code flow.
    4. Save changes to the application.

      Refer to the following guides on how to set up a new application:

    • Adapter Code for TIBCO® API Exchange and Joomla! User's Guide
    • Adapter Code for TIBCO® API Exchange and Joomla! Administration
    The Adapter Code for TIBCO® API Exchange and Joomla! product manuals are available at the following location: https://github.com/API-Exchange/JoomlaAdapter/wiki
  3. Request Key for an Application

    To receive the client ID and client secret for an application, follow these steps:

    1. Select the application.
    2. Click the Request Key tab.
    3. Verify that the client ID and client secret are returned on the screen.
  4. Use Client ID and Client Secret to Request Access Token

    After the client ID and client secret are generated for the application, use a REST client such as POSTMAN to request an access token. For endpoint details, see Authorization API.

  5. Use Access Token to Access Target Services

    After the access token is sent to the application by the OAuth server, use the access token to access the target services hosted by TIBCO API Exchange Gateway.

    For example, to query books by author using the access token, use the following URL:

    http://ASGGatewayHost:ASGGatewayPort/Books/BookOperations/Author/Vivek%20Ranadive?access_token=T1amGT21.Idup.e684f84d18e4bedec955c75482acef9
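
The following is an added example, not taken from the TIBCO documentation: it builds the step 5 request URL with the author encoded as a single path segment, and masks the access_token value before the URL is logged, since a token carried in the query string ends up in any log that records the full URL. The function names, the port 8080 and the token value are constructed for illustration.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit


def build_author_query_url(host, port, author, access_token, scheme="http"):
    """Build the Books/BookOperations/Author URL with the token as a query parameter."""
    # Encode the author as one path segment: a space becomes %20, and "/" or
    # "?" inside the value cannot alter the path or start a second query.
    segment = quote(author, safe="")
    query = urlencode({"access_token": access_token})
    return f"{scheme}://{host}:{port}/Books/BookOperations/Author/{segment}?{query}"


def redact_access_token(url, keep=4):
    """Return the URL with the access_token value masked, for use in log output."""
    parts = urlsplit(url)
    masked = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "access_token":
            # Keep a short prefix for correlation only when the token is long
            # enough that the prefix does not reveal most of it.
            value = value[:keep] + "***" if len(value) > 2 * keep else "***"
        masked.append((name, value))
    # safe="*" keeps the mask readable instead of emitting %2A.
    return urlunsplit(parts._replace(query=urlencode(masked, safe="*")))


if __name__ == "__main__":
    # Constructed sample values: replace with the gateway host and port and
    # the token issued by the OAuth server.
    url = build_author_query_url(
        "ASGGatewayHost", 8080, "Vivek Ranadive", "EXAMPLE.token.0000"
    )
    print("request URL:", url)
    print("log line   :", redact_access_token(url))
```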