I have just set up OTK 3.0 and can access oauth/manager and /oauth/v2/client/authcode. I have created a new client key and am now trying to use it in my API policy. I have dropped in the fragment OTK require 2.0 and am trying to pass access_token through a query parameter, but it is not working. Need help: a sample policy and SOAP call. Is there any other documentation which can help me to use other OTK fragments?
You may want to take a look at this document: Secure an API Endpoint with OAuth - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation
It is from a newer version of OTK but mostly still applies to your version. You can use the encapsulated assertion 'Require OAuth 2.0 Token' to retrieve the access token. Note encapsulated vs. the policy fragment you mentioned. This can be found in your assertion palette. The token can be passed as an authorization header, i.e. Authorization: Bearer <Token>, or as a query parameter named 'access_token'.
The assertion logic is set to use either of these options as seen below. You can simply drag this to the top of your policy without further modification. As long as the token is passed in either manner (and the token is valid) you will gain access.
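The two ways of passing the token described in the reply above (Authorization: Bearer header, or a query parameter named access_token), sketched in Python as an added example; it is not OTK's assertion logic and not code from this thread. It assumes RFC 6750 behaviour, including rejecting a request that sends the token by both methods, and the gw.example.com URLs and token values are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs


class TokenError(ValueError):
    """The request does not carry exactly one usable bearer token."""


def extract_bearer_token(url, headers):
    """Return the access token from the Authorization header or the
    access_token query parameter (RFC 6750 sections 2.1 and 2.3)."""
    found = []

    # Header names and the "Bearer" scheme name are case-insensitive.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is not None:
        scheme, _, value = auth.strip().partition(" ")
        if scheme.lower() == "bearer" and value.strip():
            found.append(value.strip())

    # keep_blank_values: "?access_token=" must be seen and rejected, not ignored.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    found.extend(params.get("access_token", []))

    if not found:
        raise TokenError("no access token in header or query string")
    if len(found) > 1:
        # RFC 6750: a client must not use more than one method per request.
        raise TokenError("access token sent more than once")
    if not found[0]:
        raise TokenError("empty access token")
    return found[0]


if __name__ == "__main__":
    # Constructed sample requests (hypothetical gateway host and token).
    print(extract_bearer_token("https://gw.example.com/api",
                               {"Authorization": "Bearer sample-token-1"}))
    # Query-string tokens tend to end up in access logs and browser history,
    # so prefer the header form where the client allows it.
    print(extract_bearer_token("https://gw.example.com/api?access_token=sample-token-1", {}))
```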
Can you guide me on generating a new token? It works through SoapUI (see screenshot 1), but if I call the same thing through my API, calling the same backend token endpoint, it gives an error. See screenshot 2 for the sample policy and screenshot 3 for the SOAP call.
gateway error log.
Can you change the content type to 'application/x-www-form-urlencoded' in SOAPUI and try this again? A full policy export of the endpoint that is routing to the token endpoint would also be helpful in debugging this.
If that does not help it may be best to open a support case so we can review the policies further.
Can you please add an assertion to frame this API in this block?