Tutorial (OAuth Setup)

API Platform Version: 8.1 and later

How do I perform the OAuth setup process in the platform?

The OAuth setup process involves a series of configuration tasks performed by different roles (Site Administrator, Business Administrator, API Provider, and App Developer) to achieve the end result of being able to authorize your app using an OAuth Provider. This quick start provides an end-to-end walkthrough to illustrate the overall process and roles performing each task. The walkthrough includes links to more detailed topics within the help.

Tasks Performed By / Description
Install Resource Owner and OAuth Provider Features Site Administrator

This task is performed using the Akana Administration Console. Each feature installs one or more domains to the Administration > Domains section in the platform, and the domains are available for selection via the Add Domain function.

Note: This task is performed as part of the initial platform setup process.
Configure Resource Owner Domain

Business Administrator / API Provider

This task is performed in the Administration > Domains section using the Add Domain function.

A Resource Owner domain is an identity store that defines OAuth Providers you would like to establish access permissions with. Selecting a Resource Owner is typically based on the most common method by which users will be accessing an API or application (Google®, Yahoo®, Facebook®, etc.).

Note: Configuring one or more Resource Owner domains is a prerequisite to configuring an OAuth Provider domain. Configured Resource Owner domains automatically populate the OAuth Provider domain user interface and are required input when you configure the OAuth Provider domain.

CA SiteMinder or LDAP

Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the Admin > Domains > Add Domain > OAuth Provider Domain wizard (Grant Types tab).

Configure OAuth Provider Domain Business Administrator / API Provider

This task is performed in the Administration > Domains section using the Add Domain function.

The OAuth Provider domain option must first be populated with Resource Owner domains that represent the various OAuth Providers you would like to establish access permissions with.
Configure API with OAuth Provider API Provider

This task is performed in the API > API Details section using the OAuth Details function.

The Resource Owner and OAuth Provider domains must be pre-defined by the Business Administrator and available for selection in the API OAuth Wizard.

Configure OAuth Profile for App App Developer

This task is performed in the App > App > OAuth Profile section.

Send Requests to App to test OAuth Configuration

App Developer

This task is performed using the Test Client tool: App > Test Client. Select the API, and any other values. Click Credentials and verify the app credentials; then click Security Settings, page through the wizard, and set up OAuth options as needed. Then click Run to send a request.

You can also try out a specific API, with you app or on its own. Go to API > Test Client.

Prerequisite: Install Resource Owner and OAuth Provider Features

Performed by: Site Administrator

Before you can configure authorization domains, you must install the Resource Owner and OAuth Provider domains via the Akana Administration Console. For installation information, refer to the Akana API Platform Installation Guide. For a list of features and descriptions, see What domain types are supported? (Business Admin help).

Note: This task is performed as part of the initial platform setup process.

Step 1: Configure Resource Owner Domain

Performed by: Business Administrator / API Provider

The first step in the OAuth Provider configuration process is to identity the target user base that will require authorization when logging into an application. For example, if your users typically use Google as a method of performing an external login, the Business Admin will need to set up a Google Connector domain. If your users typically use SiteMinder as a method of performing an external login, they will require an LDAP identity store.

CA SiteMinder or LDAP

Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the Admin > Domains > Add Domain > OAuth Provider Domain wizard (Grant Types tab).

To configure an LDAP Resource Owner Domain:
  1. The LDAP Resource Owner Domain is preinstalled and is available for selection when you configure the OAuth Provider domain. Continue to Step 2.

Step 2: Configure OAuth Provider Domain

Performed by: Business Administrator / API Provider

After configuring your Resource Owner Domain, the second step is to configure an OAuth Provider domain.

To configure an OAuth Provider domain:
  1. Follow the steps in How do I set up and configure an OAuth Provider domain? and then continue with Step 3.

Step 3: Configure API with OAuth Provider

Performed by: API Provider

After the Business Administrator / API Provider configures the Resource Owner and OAuth Provider domains, they are available on the My APIs > API > Details page via the OAuth Details function.

To configure OAuth for your API:
  1. Follow the steps in How do I configure my API with an OAuth Provider? and then continue with Step 4.

Step 4: Configure OAuth Security Credentials for App

Performed by: App Developer

To configure your app with OAuth:
  1. Follow the instructions in How do I configure OAuth credentials? and then continue to Step 5.

Step 5: Test OAuth Configuration

Performed by: App Developer

To test authorizing your app with OAuth and send a request:
  1. Perform How do I use Test Client to test authorization of my app with an API that supports OAuth?

Back to top