Encode the client credentials as follows: | Localtabgroup |
|---|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| | Code Block |
|---|
echo -n <USERNAME>:<PASSWORD> | base64 |
Example: | Code Block |
|---|
echo -n admin:admin | base64 |
The response: | Code Block |
|---|
YWRtaW46YWRtaW4= |
|
|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| | Code Block |
|---|
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"<USERNAME>:<PASSWORD>\")) |
Example: | Code Block |
|---|
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"admin:admin\")) |
The response: | Code Block |
|---|
YWRtaW46YWRtaW4= |
|
|
|
Generate the Client ID and the Secret ID. | Localtabgroup |
|---|
| Localtab |
|---|
| active | true |
|---|
| title | cURL command |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| App publisher | Code Block |
|---|
curl -X POST -H "Authorization: Basic <BASE 64 ENCODED USERNAME:PASSWORD>" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_publisher","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://<IOTS_HOST>:<IOTS_HTTP_PORT>/client-registration/v0.11/register |
App store | Code Block |
|---|
curl -X POST -H "Authorization: Basic <BASE 64 ENCODED USERNAME:PASSWORD>" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_store","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://<IOTS_HOST>:<IOTS_HTTP_PORT>/client-registration/v0.11/register |
| Info |
|---|
- The base 64 encoded
USERNAME :PASSWORD must be the username and password that you use to sign in to WSO2 IoT Server. Else, you will not be able to get the client_id and client_secret as the response. - The APIs that fall under different categories are grouped using tags. You subscribe to the API group by the tag you define in the cURL command.
For example, the device_management tag is used to group all the device management APIs including those that belong to the device type APIs.
To know about the available tags and the APIs grouped under each tag, navigate to the API Cloud Store, click on the available tags in the left side panel.
|
Sample response: | Code Block |
|---|
{"clientId":"xxxxxxxxxxxxxxxxxxxx","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"xxxxxxxxxxxxxxxxxxxx","isSaasApplication":true,"appOwner":null,"jsonString":"{\"grant_types\":\"password refresh_token\"}"} |
|
|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| App publisher | Code Block |
|---|
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_publisher","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://localhost:9763/client-registration/v0.11/register |
App store | Code Block |
|---|
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"callbackUrl":"www.google.lk","clientName":"rest_api_store","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}' http://localhost:9763/client-registration/v0.11/register |
Sample response: | Code Block |
|---|
{"clientId":"xEzeKlC81KYBVJfg65YBkikR6yYa","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"pd8ypwhnKRBw4hT1M1Ht0yti4uYa","isSaasApplication":true,"appOwner":null,"jsonString":"{\"grant_types\":\"password refresh_token\"}"} |
|
|
|
Encode the client credentials as follows: | Localtabgroup |
|---|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| | Code Block |
|---|
echo -n <CLIENT_ID>:<CLIENT_SECRET> | base64 |
Example: | Code Block |
|---|
echo -n f8fc0aI14DPrQ_DwkpSau1LGdwAa:p8g_rFXtbPjl5pGMJe4bNd5fwSEa | base64 |
The response: | Code Block |
|---|
cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh |
|
|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| | Code Block |
|---|
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"<CLIENT_ID>:<CLIENT_SECRET>\")) |
Example: | Code Block |
|---|
powershell "[convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(\"f8fc0aI14DPrQ_DwkpSau1LGdwAa:p8g_rFXtbPjl5pGMJe4bNd5fwSEa\")) |
The response: | Code Block |
|---|
cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh |
|
|
|
Generate the access token using the following command: | Localtabgroup |
|---|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| | Code Block |
|---|
curl -k -d "grant_type=password&username=<IOTS_USERNAME>&password=<IOTS_PASSWORD>&scope=<API_SCOPE>" -H "Authorization: Basic <BASE64_ENCODED_CLIENT_ID_AND_CLIENT_SECRET>" https://<IOTS_HOST>:<IOTS_HTTP_HOST>/oauth2/token |
| Info |
|---|
The permission to invoke the APIs are assigned via the scope defined in each API. You can define all the scopes to generate an access token so you can invoke all the APIs or you can generate an access token that only has the required scope to invoke a specific API. For more information on all the device management API scopes, click on the publisher or store API links given below, click on the API you want to execute and use the scope defined for that API.
Example:
 |
|
|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 1 |
|---|
| Generate the access token for the user having the username admin and password andpassword admin, and using the default WSO2 IoT Server host, which is localhost and the default HTTP port, which is 9763. In this example, we are generating an access token that has access to all the device management scopes. | Code Block |
|---|
curl -k -d "grant_type=password&username=admin&password=admin&scope=appm:read" -H "Authorization: Basic EV6ZUtsQzgxS1lCVkpmZzY1WUJraWtSNnlZYTpwZDh5cHdobktSQnc0aFQxTTFIdDB5dGk0dVlh" https://localhost:9763/oauth2/token |
The response: | Code Block |
|---|
{"access_token":"71885e4e-ae31-3195-9025-f116a82bc460","refresh_token":"22ef113d-1093-378e-a3f8-24369e3114c5","scope":"appm:read","token_type":"Bearer","expires_in":3600} |
|
|
|
| Note |
|---|
The access token you generated expires in an hour. After it expires you can generate a new access token using the refresh token as shown below. |
Generating the new access token using the refresh token. | Localtabgroup |
|---|
| Localtab |
|---|
| active | true |
|---|
| title | cURL command |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 2 |
|---|
| | Code Block |
|---|
curl -k -d "grant_type=refresh_token&refresh_token=<THE REFRESH TOKEN>&scope=PRODUCTION" -H "Authorization: Basic <BASE 64 ENCODED CLIENT_ID:CLIENT_SECRET>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token |
|
|
| Localtab |
|---|
| | Panel |
|---|
| borderColor | #11375B |
|---|
| bgColor | #ffffff |
|---|
| borderWidth | 2 |
|---|
| | Code Block |
|---|
curl -k -d "grant_type=refresh_token&refresh_token=3trtg45-64t5-1693-gr56-6th5356r4tr5&scope=PRODUCTION" -H "Authorization: Basic cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token |
The response: | Code Block |
|---|
{"access_token":"237bfc64-9567-3edf-9ad6-3795d37fa368","refresh_token":"62e597b3-0960-39c0-894f-7056fcdf2dc6","scope":"appm:read","token_type":"Bearer","expires_in":3600} |
|
|
|
|