Layer 7 API Management

Expand all | Collapse all

OAuth ToolKit APIs

Jump to Best Answer
  • 1.  OAuth ToolKit APIs

    Posted 12-12-2019 09:52 AM
    Hello,


    There is a list of APIs defined in swagger document: " https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/apis-and-assertions/oauth-toolkit-apis.html ".

    Couple of them requires "Authentication is done via SSL mutual authentication". I am trying to test them via Postman, is it possible to surpass "Authentication is done via SSL mutual authentication". 

    Also, I tried "/oauth/clientstore/clientKeys/count". But got below error:-



    Please advise.

    Thanks !!


  • 2.  RE: OAuth ToolKit APIs
    Best Answer

    Posted 12-12-2019 09:56 AM
    Hi Ankush,

    You would need to disable the client cert check in the policies for the API. You can set this to false.
    If you must do this, be very careful and only do this in a controlled testing environment as these are intended to be secured.

    Otherwise, you can export the private key and import it to Postman for mutual auth.




  • 3.  RE: OAuth ToolKit APIs

    Posted 12-13-2019 10:05 AM
    Hi Joe,

    These are API's are part of the OAuth ToolKit and I don't see them in the OTK installation folder / Policies.

    Ex:--



    I tried importing gateway keys to the postman, but the error remains the same.

    Thanks,
    Ankush


    Thanks !!


  • 4.  RE: OAuth ToolKit APIs

    Posted 12-13-2019 12:49 PM
    Hi Ankush,

    The endpoints for the API's are published as wildcard services, so you will see /oauth/clientstore/*
    The key that is used would need to be part of a Federated Identity.

    Regards,
    Joe