Layer7 API Management

Expand all | Collapse all

Oauth call in the API Portal

Jump to Best Answer
  • 1.  Oauth call in the API Portal

    Posted 11-05-2018 08:35 AM

    We secure an api with oauth2 authorization code flow. To publish the api onto the portal I did not add the authorize en token calls. In the portal can be seen that these api have a access token  But there is no definition of the authorize en token calls. The question is how to arrange that in this json these two oauth apis can be seen but still in the gateway there is no check on the neccessary oauth tokens?

  • 2.  Re: Oauth call in the API Portal

    Posted 11-05-2018 08:40 AM

    Hi Janssens,


    Which version of the developer portal are you currently using? Would you be able to elaborate a bit on the request?

    It sounds like you are questioning how the token was generated to access an OAuth protected API. If you could please provide a bit more information I'd be happy to help.




  • 3.  Re: Oauth call in the API Portal

    Posted 11-05-2018 08:49 AM


    I use the api portal 4.2.

    I have an api getAccount to retrieve some account information to the requestor. This api is secured by ouath so the requestor gets an access token for this call bi using the standard oauth2 authorize en token calls. When I publish the getAccount api to the portal, the authorize en token calls can not be seen. And if I publist the getAccount, authorize en token calls together to the portal, the authorize calls are rejected because there is not access token in the authorize call. I can n ot see how arrange this.

  • 4.  Re: Oauth call in the API Portal
    Best Answer

    Posted 11-06-2018 08:44 AM

    Thank you for clarifying. If the API is published via the portal you will need to ensure that you have chosen OAuth from the policy templates. Once the API is synced to your Gateway you will need to use the OAuth endpoints on the external Gateway to generate an access token.


    The OAuth endpoints utilized will be on the same Gateway as the published API. To consume the API you must first follow the steps to obtain the token


    OAuth Request Scenarios - CA API Management OAuth Toolkit - 4.3 - CA Technologies Documentation 


    Once you have the token it can then be passed to the API as either part of the form POST body, authorization header or optionally, though not recommended, via the query parameter.


    If I have misunderstood please do let me know.




  • 5.  Re: Oauth call in the API Portal

    Posted 11-06-2018 09:02 AM

    thanks Joe, the the api calls for the oauth tokens are working correctly. But how will the developer who has access to the portal now what de authorize en token endpoints look like? These two calls are not listed in the portal. 

  • 6.  Re: Oauth call in the API Portal

    Posted 11-08-2018 08:29 AM

    Hi Janssens,


    They would need to be provided with the OAuth details outside of the portal. The amount of calls would depend on the flow, they could use something like the client credentials grant type which will only need the single call to the v2/token endpoint. 




  • 7.  Re: Oauth call in the API Portal

    Posted 11-28-2018 11:27 AM


    Did the answers on this thread answered your question? If it did please mark it as the right answer.
    When your question is not answered or you still have additional questions please let us know.

    With Kind Regards

  • 8.  Re: Oauth call in the API Portal

    Posted 11-29-2018 02:08 AM



    the answer is clear.


    I just thought that thet authorize and token call definitions were also visible thru the portal, but these have to be provided somewhere else


    Met vriendelijke groet,


    Jos Janssens | Solution Architect

    I&C Klant wil betalen | de Volksbank N.V.

    | +31736832523


    Van: DirkBleyenberg <>

    Verzonden: woensdag 28 november 2018 17:28

    Aan: Janssens, J.M. (Jos) <>

    Onderwerp: Re:  - Re: Oauth call in the API Portal


    CA Communities <>



    Re: Oauth call in the API Portal


    reply from DIRK BLEYENBERG<> in CA API Management Community - View the full discussion<>