2.7 Configure OAuth in Access Manager for API Authorizations

Secure API Manager uses the OAuth applications in Access Manager to authorize access to the APIs. Without the authorization process to protect the APIs, anyone or anything can access and use the APIs. The API developers that subscribe to the APIs select an Access Manager OAuth client to provide the tokens for the authorizations. To allow Secure API Manager to use the OAuth services in Access Manager, you must perform some configuration tasks in Access Manager.

2.7.1 Enable and Configure OAuth in Access Manager

Secure API Manager requires that you have enabled and configured OAuth for the API authorizations to work. Enabling and configuring OAuth in Access Manager is a multi-step process. Follow the steps documented in the Access Manager documentation to properly enable and configure OAuth in Access Manager.

2.7.2 Configure the Minimum Required Global OAuth Settings in Access Manager

Secure API Manager uses Access Manager OAuth 2 applications to provide the authorizations for the APIs. The authorizations for the APIs allow you to secure access to the APIs and see who or what has used the APIs. You configured the OAuth global settings when you configured OAuth for Access Manager. Secure API Manager requires a minimum set of the Access Manager global settings for OAuth to be configured to allow the API authorizations to work.

You configure the global OAuth settings for each Identity Server cluster. To access the global settings, on the Access Manager Dashboard, click Devices > Identity Servers > IDP Cluster.

The minimum set of global settings for Secure API Manager is as follows:

  • Grant Types: Authorization Code, Resource Owner Credentials, Client Credentials

  • Token Types: Access Token

IMPORTANT: To support Resource Owner Credentials, you must select a valid authentication contract in the Contracts for Resource Owner Credentials Authentication section.