...
The admin user needs to send a request to the WSO2 Dynamic Client Registration Endpoint manually. For more details on the request format, see the Store REST API documentation. You can use curl or a simple REST client to send this request.
Make sure to use the email of the admin user in the payload. Invoke the dynamic client registration endpoint with the credentials of an admin user to obtain the client id and secret for that user. For security reasons, these actions require a user with more privileges.
The dynamic client registration endpoint will return the client id and client secret of the admin user in the response. A sample response is given below.
```json
{
  "callBackURL": "www.google.lk",
  "jsonString": "{ \"username\":\"email_username@Org_key\", \"redirect_uris\":\"www.google.lk\", \"tokenScope\":[Ljava.lang.String;@3a73796a, \"client_name\":\"admin_rest_api_store\", \"grant_types\":\"authorization_code password refresh_token iwa:ntlm urn:ietf:params:oauth:grant-type:saml2-bearer client_credentialsimplicit\" }",
  "clientName": null,
  "clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
  "clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa"
}
```
- Store the client id and client secret in your backend application as a configuration reference.
Tip: We recommend storing the obtained client id and client secret as environment variables within your backend application, as these are reused for all other API calls listed in the previous section. You only need to do this step once, manually, and store them. Read the FAQ on how to use environment variables in the integration cloud. Alternatively, you can choose to use a property file or other secure mechanisms to store this information.
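As an added example (not part of the WSO2 documentation), a backend could handle the stored credentials as sketched here: it reads them from environment variables at startup, refuses to run if either is missing, and keeps the secret out of `repr` output. The environment variable names, class and function names and sample values are assumptions, as is the use of HTTP Basic client authentication for the later calls.

```python
import base64
import json
import os
from dataclasses import dataclass, field

# Hypothetical environment variable names; choose your own.
ENV_ID = "STORE_ADMIN_CLIENT_ID"
ENV_SECRET = "STORE_ADMIN_CLIENT_SECRET"

@dataclass(frozen=True)
class ClientCredentials:
    client_id: str
    # repr=False keeps the secret out of logs, tracebacks and debug output.
    client_secret: str = field(repr=False)

    def basic_auth_header(self) -> str:
        """Authorization header value for HTTP Basic client authentication."""
        raw = f"{self.client_id}:{self.client_secret}".encode()
        return "Basic " + base64.b64encode(raw).decode("ascii")

def from_registration_response(body: str) -> ClientCredentials:
    """Extract the credentials from the one-time registration response."""
    doc = json.loads(body)
    cid, secret = doc.get("clientId"), doc.get("clientSecret")
    if not (isinstance(cid, str) and cid and isinstance(secret, str) and secret):
        raise ValueError("registration response lacks clientId/clientSecret")
    return ClientCredentials(cid, secret)

def from_environment(env=os.environ) -> ClientCredentials:
    """Load the stored credentials at startup; fail if either is absent."""
    missing = [name for name in (ENV_ID, ENV_SECRET) if not env.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return ClientCredentials(env[ENV_ID], env[ENV_SECRET])

# Constructed sample with placeholder values, same shape as the response above.
SAMPLE_RESPONSE = json.dumps({
    "callBackURL": "www.example.com",
    "jsonString": "{}",
    "clientName": None,
    "clientId": "example-client-id",
    "clientSecret": "example-client-secret",
})

if __name__ == "__main__":
    print(from_registration_response(SAMPLE_RESPONSE))  # repr omits the secret
```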
...
Admin REST APIs and subscriber login functions
Note: Make sure you have completed the prerequisite. The client id and secret of the admin user need to be retrieved only once and stored within your backend application. If you have done this already, proceed with the steps listed below.
...
Store APIs invoked by subscribers
Note: Make sure you have logged the user (subscriber) in and then stored the token in the cache or any other storage mechanism against the user’s email.
...