Creating an OAuth security definition

When you create an OAuth security definition, you provide settings for controlling access to the API operations through the OAuth authorization standard.

Before you begin

Before you can create an OAuth security definition, you must:
  1. Create an OAuth provider.
  2. Add the OAuth provider to a catalog. If you have not created any catalogs, use the Sandbox Catalog. See the OAuth instructions step in Creating and configuring Catalogs.

About this task

You can complete this task by using either the API Designer UI application or the browser-based API Manager UI.

Procedure

To create an OAuth security definition, complete the following steps:

  1. In the navigation pane, click Develop, then select the APIs tab.
  2. To create the security definition in an existing API, click the API you want to work with. To create a new API to add the security definition to, see Creating an API definition.
  3. Select Security Definitions and click Add.
  4. Enter a name for the security definition and an optional description.
  5. For Type, select OAuth2.
  6. From the OAuth Provider menu, select the provider that you want to use in this security definition.
    Note: The OAuth providers that you can select from are those that are specified in the Sandbox Catalog for the management server and provider organization that you are connected to.

    If you are using the API Manager user interface, the connection details are determined by the API Manager URL that you open, and the user ID with which you log in. If you are using the API Designer user interface, you provide the management server details and user ID in the login window that opens when you first launch API Designer; see Logging into API Connect Designer.

    If you are working in offline API Designer, you must type in the exact name of the OAuth provider.

    You will need to specify the selected OAuth provider in any Catalog to which the API is to be published.

    For details of how to specify the OAuth providers in a Catalog, see Creating and configuring Catalogs.

  7. From the Flow menu, select the grant type for the provider.

    The supported flow types are Application, Resource owner, Access Code, or Implicit. The values for the endpoints are automatically displayed in entries for Token URL and Authorization URL, as applicable to the flow type. For example:

    Setting      Value
    Flow         Application
    Token URL    https://example.com/samplenative/oauth2/token
    Note: The Authorization URL and Token URL are maintained for informational purposes only; API Connect applies no validation or other action to them.
  8. Optionally, specify additional scopes by clicking Add. For each additional scope, specify Name and Description.
  9. Click Save to save your changes.
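
Because API Connect applies no validation to the Authorization URL and Token URL, the saved definition can be checked outside the product. The following is an added example, not part of the original documentation or the product's own code. It assumes the API is stored as an OpenAPI 2.0 document whose securityDefinitions entry uses the standard flow values (application, password for Resource owner, accessCode, implicit); the function name and the sample definition names are hypothetical.

```python
from urllib.parse import urlparse

# OpenAPI 2.0 flow values and the endpoint fields each one requires.
REQUIRED_URLS = {
    "application": ("tokenUrl",),
    "password": ("tokenUrl",),  # "Resource owner" in the UI
    "accessCode": ("authorizationUrl", "tokenUrl"),
    "implicit": ("authorizationUrl",),
}


def lint_oauth2_definition(name, definition):
    """Return a list of findings for one securityDefinitions entry."""
    if definition.get("type") != "oauth2":
        return [f"{name}: type is {definition.get('type')!r}, expected 'oauth2'"]
    flow = definition.get("flow")
    if flow not in REQUIRED_URLS:
        return [f"{name}: unknown flow {flow!r}"]
    findings = []
    for field in ("authorizationUrl", "tokenUrl"):
        url = definition.get(field)
        if field in REQUIRED_URLS[flow] and not url:
            findings.append(f"{name}: flow {flow!r} requires {field}")
        elif field not in REQUIRED_URLS[flow] and url:
            findings.append(f"{name}: {field} is not used by flow {flow!r}")
        if url:
            parsed = urlparse(url)
            if parsed.scheme != "https" or not parsed.hostname:
                findings.append(f"{name}: {field} is not an absolute https URL")
    if not isinstance(definition.get("scopes"), dict):
        findings.append(f"{name}: scopes must map scope name to description")
    return findings


# Constructed sample input; only the https Token URL value comes from the page.
SAMPLE = {
    "oauth-app": {"type": "oauth2", "flow": "application",
                  "tokenUrl": "https://example.com/samplenative/oauth2/token",
                  "scopes": {"read": "Read access"}},
    "oauth-code": {"type": "oauth2", "flow": "accessCode",
                   "tokenUrl": "http://example.com/samplenative/oauth2/token",
                   "scopes": {"read": "Read access"}},
}

if __name__ == "__main__":
    for def_name, body in SAMPLE.items():
        for line in lint_oauth2_definition(def_name, body) or [f"{def_name}: ok"]:
            print(line)
```

Running the check over every entry before publishing to a Catalog catches a definition whose flow and endpoint fields disagree, which the UI accepts as entered.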

What to do next

Apply your security definition to the API, or to one or more API operations. For more information, see Applying security definitions to an API and Applying security definitions to an API operation.