API configuration

Configure API access

The Token Server offers several APIs for integrating Token Server processes with existing systems. Access to the APIs is managed via API clients. For each API client, a client id (username) and client secret (password) can be configured. When communicating with the APIs, use one of the following authentication methods:

  • HTTP Basic Authentication
  • URL-encoded form with client credentials (for HTTP POST requests). See OAuth Client Password for the full specification.
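The two methods listed above, as an added example that is not code from the Token Server product or its documentation. The client id and secret are constructed sample values and the helper names are hypothetical; the example shows that Basic credentials are only base64-encoded, while credentials in a form body must be percent-encoded so that characters such as `&`, `=` and `+` in the secret survive.

```python
import base64
from urllib.parse import urlencode

# Constructed sample credentials for illustration, not real values.
CLIENT_ID = "reporting-client"
CLIENT_SECRET = "s3cr&t=p@ss/word+1"


def basic_auth_header(client_id, client_secret):
    """HTTP Basic (RFC 7617): base64 of 'id:secret' in the Authorization header."""
    if ":" in client_id:
        # The first colon separates user-id from password, so the id cannot hold one.
        raise ValueError("client id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def form_credentials_body(client_id, client_secret, params=None):
    """Client credentials as fields of a URL-encoded POST body (RFC 6749, 2.3.1)."""
    fields = dict(params or {})
    if "client_id" in fields or "client_secret" in fields:
        raise ValueError("credentials must not also be passed in params")
    fields["client_id"] = client_id
    fields["client_secret"] = client_secret
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode percent-encodes reserved characters in every value.
    return headers, urlencode(fields)


def decode_basic(header_value):
    """Reverse of basic_auth_header, as a receiving server would parse it."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


if __name__ == "__main__":
    print(basic_auth_header(CLIENT_ID, CLIENT_SECRET))
    print(form_credentials_body(CLIENT_ID, CLIENT_SECRET)[1])
```

Neither method encrypts the secret: base64 and percent-encoding are reversible encodings, so both depend on the connection to the API being protected by TLS.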

The API clients can be configured in the admin console: Configuration > System > API clients.

For each API client, you can specify which API(s) it can access. This makes it possible to give external systems that use the Token Server APIs access to only a certain function. Currently, access can be granted to the following APIs:

On top of basic authentication via API clients, we advise creating an IP whitelist for the /oauth/api endpoint, so that only selected machines in the corporate network have access to these APIs.