Registering an application

Before you can use an API, you must register your application to the Developer Portal.

About this task

When you register an application, you are provided with a client ID and client secret for the application. You must supply the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client Secret.

You can, optionally, add further client ID/client secret pairs to an application, any of which can be used to identify the application when calling an API.

Procedure

To register an application, complete the following steps:

  1. Click Apps.
    The Apps page opens.
  2. [V5.0.5 or later]Click Create new App.
    [V5.0.4 and earlier]Click Register new Application.
    [V5.0.7 or later]Note: If development application workflow is enabled for the catalog that is associated with your Developer Portal, a Development label is displayed alongside the title of your application. Your application can call APIs in the catalog only through dedicated development endpoints. When you complete your application testing, you can request to upgrade your application to Production status. After the upgrade request is approved, your application can call API calls through production endpoints. For more information, see Upgrading a Development application to Production status.
  3. Complete the displayed fields.
    Note: Do not include a double quotation mark, ", or backslash, \, character in the Title field. Including these characters causes errors when you generate an access token in the OAuth process.
  4. Optional: [V5.0.8 or later] In the Certificate field, paste the X509 certificate for your application, in PEM format.

    The Certificate field is available only if the APIs that are published to the Developer Portal include at least one API that is secured with TLS mutual authentication. You must complete this field if you want to call an API that is secured with TLS mutual authentication. For more information, see Composing a REST API definition.

  5. Click Submit.
    Your application is displayed.
  6. Make a note of your client secret because it is only displayed once.
    You must supply the client secret when you call an API that requires you to identify your application by using a Client ID and Client Secret.
    Note: The client secret cannot be retrieved. If you forget it, you must reset it.
  7. Optional: The client ID is hidden, so to display the client ID for your application, select the Show checkbox for Client ID.
    The client ID is displayed and can be hidden again by clearing the checkbox .
  8. Optional: To verify your client secret, click Verify next to Client Secret, enter your client secret in the Secret field, then click Submit.
    You confirmed whether your Client Secret is correct or incorrect.
  9. To add an additional client ID and client secret to the application, complete the following steps:
    1. Click Add alongside Client Credentials.
      The Request additional client credentials window opens.
    2. Enter an optional description, and click Submit.
    3. Select the Show Client ID or Show Client Secret check box to display the client ID or client secret for the new credentials.
    4. To add a description to a set of client credentials, or to change the current description, click Update alongside the required credentials.
    5. To remove a set of client credentials from the application, click Delete alongside the required credentials.
    If you add additional credentials to an application, any of the associated client ID/client secret pairs can be used to identify the application when calling an API. An application can have at most 20 client ID/client secret pairs.
    Note: If you add two or more sets of client credentials to an application, OAuth tokens are not shared between them; each client credential set uses a different OAuth token.
  10. Optional: To add an image, click Update under the default image.
    A new window opens; click Browse, select an image from your directory, and click Submit.
  11. Optional: To specify or change the URL that authenticated OAuth flows for this application should be redirected to, click the Edit icon and then update the OAuth Redirect URI field.

    [V5.0.8 or later]From API Connect Version 5.0.8.1, you can specify multiple OAuth redirect URLs by separating them with a comma (there is a strict limit of 2048 characters for this field). For example, https://abc.redirect.com,https://def.acme.redirect.com. If only one redirect URL is specified, and the application does not provide the redirect_uri in the OAuth request, then API Connect automatically uses the one redirect URL specified. However, if more than one redirect URL is specified, then the application must provide the redirect_uri in the OAuth request, or the OAuth request is rejected.

  12. Optional: To change the application name or description, or verify or reset the client secret, click the Edit icon.

Results

Your application is registered.

What to do next

Select a Plan to use with your application, see Selecting a Plan.