Registering an application
Before you can use an API, you must register your application to the Developer Portal.
About this task
When you register an application, you are provided with a client ID and client secret for the application. You must supply the client ID when you call an API that requires you to identify your application by using a client ID, or a client ID and client Secret.
You can, optionally, add further client ID/client secret pairs to an application, any of which can be used to identify the application when calling an API.
To register an application, complete the following steps:
The Apps page opens.
Click Create new App.
Click Register new Application.Note: If development application workflow is enabled for the catalog that is associated with your Developer Portal, a Development label is displayed alongside the title of your application. Your application can call APIs in the catalog only through dedicated development endpoints. When you complete your application testing, you can request to upgrade your application to Production status. After the upgrade request is approved, your application can call API calls through production endpoints. For more information, see Upgrading a Development application to Production status.
- Complete the displayed fields. Note: Do not include a double quotation mark, ", or backslash, \, character in the
Titlefield. Including these characters causes errors when you generate an access token in the OAuth process.
In the Certificate field, paste the X509 certificate for your application, in PEM format.
The Certificate field is available only if the APIs that are published to the Developer Portal include at least one API that is secured with TLS mutual authentication. You must complete this field if you want to call an API that is secured with TLS mutual authentication. For more information, see Composing a REST API definition.
Your application is displayed.
Make a note of your client secret because it is only
You must supply the client secret when you call an API that requires you to identify your application by using a Client ID and Client Secret.Note: The client secret cannot be retrieved. If you forget it, you must reset it.
The client ID is hidden, so to display the client ID for your application, select the
Show checkbox for Client ID.
The client ID is displayed and can be hidden again by clearing the checkbox .
To verify your client secret, click Verify next to Client Secret, enter
your client secret in the Secret field, then click
You confirmed whether your Client Secret is correct or incorrect.
To add an additional client ID and client secret to the application, complete the following steps:
If you add additional credentials to an application, any of the associated client ID/client secret pairs can be used to identify the application when calling an API. An application can have at most 20 client ID/client secret pairs.Note: If you add two or more sets of client credentials to an application, OAuth tokens are not shared between them; each client credential set uses a different OAuth token.
Click Add alongside Client Credentials.
Request additional client credentialswindow opens.
- Enter an optional description, and click Submit.
- Select the Show Client ID or Show Client Secret check box to display the client ID or client secret for the new credentials.
- To add a description to a set of client credentials, or to change the current description, click Update alongside the required credentials.
- To remove a set of client credentials from the application, click Delete alongside the required credentials.
- Click Add alongside Client Credentials.
To add an image, click Update under the default image.
A new window opens; click Browse, select an image from your directory, and click Submit.
To specify or change the URL that authenticated OAuth flows for this application should be
redirected to, click the Edit icon and then update the OAuth
Redirect URI field.
From API Connect Version 184.108.40.206, you can specify multiple OAuth redirect URLs by separating them with a comma (there is a strict limit of 2048 characters for this field). For example,
https://abc.redirect.com,https://def.acme.redirect.com. If only one redirect URL is specified, and the application does not provide the
redirect_uriin the OAuth request, then API Connect automatically uses the one redirect URL specified. However, if more than one redirect URL is specified, then the application must provide the
redirect_uriin the OAuth request, or the OAuth request is rejected.
- Optional: To change the application name or description, or verify or reset the client secret, click the Edit icon.