Obtaining tokens

Every client interacting with push must provide a valid access token with the required scopes for making Push REST API calls. A simple example on how to obtain the token and use the push REST API is shown.

About this task

For mobile client applications, IBM MobileFirst™ Platform Foundation SDK orchestrates the OAuth flow so that the mobile push client application obtains a valid access token with the required scope.

Procedure

  1. You will have to POST a request to the URL http(s)://<host>:<port>/mfp/api/az/v1/token to get an access token.
  2. Before you can POST the request, you will need to set the scope parameters in the Body.

    For information on push scopes and the semantics that server applications can use as appropriate when obtaining a token, see Table 1.

    Figure 1. Setting the scope
    Setting the scope
  3. Now set the Authorization header by providing the confidential client credentials. For information on configuring a confidential client, see Confidential clients.
    Figure 2. Provide confidential client credentials for Basic Auth
    Provide confidential client credentials for Basic Auth
    Figure 3. Authorization header value set
    Authorization header value set
  4. Submit the POST request to get the access token.
    Figure 4. Invoking push REST API with access token
    Invoking push REST API with access token

    Access token is obtained and is set as value of the Authorization header in the subsequent push REST API invocation.