Secure API Manager requires that you have Access Manager installed and deployed before you deploy Secure API Manager. There are IDs and tokens in Access Manager that Secure API Manager requires for you to complete the deployment.
You must create an OAuth2 application in Access Manager that allows Secure API Manager to perform OAuth2 administrative tasks on behalf of the Secure API Manager administrator. These tasks include creating, modifying, and deleting additional OAuth2 client applications (called Applications in Secure API Manager). The OAuth application also validates access tokens from the APIs. This administrative Access Manager OAuth2 client application should not be confused with the Access Manager OAuth2 client applications that you create for API grouping.
Secure API Manager is an OAuth client that retrieves the OAuth token from the OAuth application that you create in Access Manager. The Access Manager documentation contains a graphic that depicts how to implement OAuth in Access Manager. The first step of the implementation process states that you must develop a web application or REST service. The APIs in Secure API Manager are the web applications and REST services. For more information, see Implementing OAuth in Access Manager
in the NetIQ Access Manager 4.5 Administration Guide.
Secure API Manager contains a Deployment Manager that walks you through deploying the different components. During the deployment of the components, you configure Secure API Manager to access your Identity Server to provide and validate the access tokens for the APIs.
There are multiple steps required to integrate Secure API Manager and Access Manager. Use the following information to create the OAuth2 application in Access Manager. You must complete these steps before deploying Secure API Manager.