Configuring API clients

Faspex requires your application to use OAuth 2 to authorize access to protected Faspex resources.

OAuth 2 methods

Before your application can authorize to Faspex using OAuth 2, you must first register an API client for your application. Faspex supports these OAuth 2 methods:
OAuth 2 with SAML
  Web applications requiring users to authenticate through a configured SAML identity provider (SAML IdP). For details, see Working with SAML.
OAuth 2 PKCE (Proof Key for Code Exchange)
  Web and mobile applications requiring users to enter credentials into a user login page, which then authenticates to the Faspex server. For details, see Configuring OAuth 2 for user-based workflows.
  Note: The Faspex UI acts as an OAuth 2 client to authenticate to the Faspex API server. The Faspex UI is a pre-registered OAuth 2 client.
OAuth 2 JWT (JSON Web Token Grant)
  Non-web applications that do not require access to user-protected endpoints, such as an application that monitors background jobs. For details, see Configuring OAuth 2 for non-user-based workflows (JWT).

To register an OAuth 2 client:
  1. Go to Configurations > API clients.
  2. Click Create new.
  3. Fill out the form.
    | Field | Description | Required for OAuth 2 | Required for OAuth 2 with SAML | Required for OAuth 2 PKCE | Required for OAuth 2 JWT |
    |---|---|---|---|---|---|
    | Name | Name to differentiate the API client in Faspex. | X | X | X | X |
    | Allow implicit grant | Allow an application to get an access token without an intermediate code exchange step. | X | | | Not available when Enable JWT grant type is enabled. |
    | Redirect URIs | List of allowed URIs that the API client can redirect an application to (designated in application API call). | X | X | X | |
    | Origins | List of URIs or protocol-host-port of the client app initial login page, from which the user must arrive to the authentication flow. | X | | | |
    | Access token expiration | The maximum duration of an active session unless the refresh token duration (see following parameter) is configured to extend the session. Without refresh tokens, users must re-authenticate when the login token expires. | X | X | X | X |
    | All users can use this client to access the API | Enable to allow the API client to request access as any Faspex user. Disable to allow the API client to request access as specifically listed users only. | | | | |
    | Allow refresh token | Defines the maximum duration that an active login session can be extended. | | | | |
    | Key | Public key (in .pem format) used to verify a JWT payload. | X | X | | X |
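
The Redirect URIs and Origins fields are allowlists, so it helps to check candidate values before entering them in the form. The following is an added example, not Faspex code: it lints redirect URIs, reduces a login page URL to protocol-host-port, and compares against the registered values. It assumes exact string matching for redirect URIs, as the OAuth 2.0 security best current practice recommends (the page does not state how Faspex matches); all function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}
LOOPBACK = ("localhost", "127.0.0.1")

# Constructed sample values, standing in for what was entered in the form.
REGISTERED_REDIRECTS = ["https://app.example.com/oauth/callback"]
REGISTERED_ORIGINS = ["https://app.example.com"]

def origin_of(url):
    """Reduce a URL to 'scheme://host:port' (protocol-host-port)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]  # make the default port explicit
    return f"{scheme}://{parts.hostname}:{port}"  # hostname is already lowercased

def lint_redirect_uri(uri):
    """Return the reasons a redirect URI is risky to register (empty list = clean)."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https" and parts.hostname not in LOOPBACK:
        problems.append("not https")
    if "*" in uri:
        problems.append("wildcard")
    if "#" in uri:
        problems.append("fragment")
    if "@" in parts.netloc:
        problems.append("userinfo in authority")
    return problems

def redirect_allowed(requested, registered=REGISTERED_REDIRECTS):
    """Exact string match only: no prefix, substring or pattern matching."""
    return requested in registered

def origin_allowed(login_page_url, registered=REGISTERED_ORIGINS):
    """True if the page the user arrived from has a registered origin."""
    try:
        return origin_of(login_page_url) in {origin_of(o) for o in registered}
    except ValueError:  # unparsable URL or port, or a non-http(s) scheme
        return False

if __name__ == "__main__":
    for candidate in REGISTERED_REDIRECTS + ["http://app.example.com/cb#x"]:
        print(candidate, lint_redirect_uri(candidate) or "ok")
```
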