How To
Summary
This technote was created to provide sample steps to obtain the bearer token used to invoke the API Connect REST APIs.
Objective
We are referencing API Connect v2018 and v10 Open API Explorer Documentation:
Section of interest "Authentication":
- Obtaining a Client ID and Secret
- Obtaining and Using a Bearer Token
The following are sample steps to obtain the bearer token:
Steps
--------------------------------------------------
Step 1. Obtaining a Client ID and Secret
--------------------------------------------------
a. Create a registration file with name 'apic-registrations-create.json' and add the following content:
{
"name": "l2-app",
"client_id": "l2",
"client_secret": "l2-password",
"client_type": "toolkit"
}
Notes:
Step 1. Obtaining a Client ID and Secret
--------------------------------------------------
a. Create a registration file with name 'apic-registrations-create.json' and add the following content:
{
"name": "l2-app",
"client_id": "l2",
"client_secret": "l2-password",
"client_type": "toolkit"
}
Notes:
- "name" - User provided. The value must be all lowercase. If not, you end up getting errors.
- "client_id" and "client_secret" - The value for these fields can be user provided; enter your required values.
- "client_type" - Using the value "toolkit" worked successfully generating the token, but by using the value "ibm_cloud" failed. We did not try other values and the documentation is not clear on when to use which value (portal, gateway, toolkit, consumer_toolkit, ui, consumer_ui, ibm_cloud, migration, juhu).
b. Log in to the API Connect server as an admin user by using the (toolkit) apic login command:
C:\>apic login
Enter your API Connect credentials
Server? <cloud-manager-hostname>
Realm? admin/default-idp-1
Username? user1
Password?
Logged into <cloud-manager-hostname> successfullyc. Register an application by using the toolkit
C:\>apic registrations:create --server <cloud-manager-hostname> apic-registrations-create.json
Response:
l2-app [state: enabled] https://<cloud-manager-hostname>/api/cloud/registrations/3372084d-75be-4b22-a21f-53ec7aaxxxxx--------------------------------------------------
Step 2. Obtaining the Bearer Token
--------------------------------------------------
Structure of JSON payload for obtaining token
{
"username": "<APIC-user-making-request>",
"password": "<APIC-user-making-request>",
"realm": "provider/default-idp-2",
"client_id": "l2",
"client_secret": "l2-password",
"grant_type": "password"
}
Notes:
Step 2. Obtaining the Bearer Token
--------------------------------------------------
Structure of JSON payload for obtaining token
{
"username": "<APIC-user-making-request>",
"password": "<APIC-user-making-request>",
"realm": "provider/default-idp-2",
"client_id": "l2",
"client_secret": "l2-password",
"grant_type": "password"
}
Notes:
- "realm" - The user registry in which the APIC user credentials are held
- "client_id" and "client_secret" - Same values used in 1a. (app registration file - 'apic-registrations-create.json')
cURL command to obtain token (includes the JSON payload):
C:\>curl -v -k --data "{\"username\": \"l2user\", \"password\": \"myPassword\", \"realm\": \"provider/default-idp-2\", \"client_id\": \"l2\", \"client_secret\": \"l2-password\", \"grant_type\": \"password\"}" -H "Content-Type: application/json" -H "Accept: application/json" https://<api-manager-hostname>/api/token
> POST /api/token HTTP/1.1
> Host: <api-manager-hostname>
> User-Agent: curl
> Content-Type: application/json
> Accept: application/json
> Content-Length: 171
>
< HTTP/1.1 200 OK
< Date: Thu, 29 Apr 2021 18:16:46 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 2020
< Connection: keep-alive
< Vary: Accept-Encoding
< X-Request-ID: 0331d3e9a98b721fedf0b8290cxxxxx
< Cache-Control: no-store
< Pragma: no-cache
< Vary: Accept-Encoding
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Access-Control-Allow-Origin: https://<api-manager-hostname>
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
< Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
<
{
"access_token": "CONTENT_OF_TOKEN",
"token_type": "Bearer",
"expires_in": 28800
}* Connection #0 to host <api-manager-hostname> left intact
C:\> Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"ARM Category":[{"code":"a8m50000000CeEGAA0","label":"API Connect->Developer (DV)->Toolkit"},{"code":"a8m0z0000004CvSAAU","label":"API Connect->Management and Monitoring (MM)->REST API"}],"ARM Case Number":"TS005326221","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0.0;2018.4.1.0;and future releases"}]
Was this topic helpful?
Document Information
Modified date:
23 June 2021
UID
ibm16450002