Skip to content

Authentication and Authorization

The OAuth 2.0 client credentials grant flow is preferred to handle the authentication of integration scenarios in IFS Cloud. The flow validates the application credentials - the client ID and the client secret and provides an access token and a refresh token on successful authentication. This access token can then be used to call APIs and get the relevant data as API responses.

Follow the instructions given below to obtain the access token:

Step 1 - Create a Client

Before you Begin

Make sure you have admin privileges in order to create a new client.

  1. In IFS Cloud, navigate to Solution Manager > Users and Permissions > Identity and Access Manager > IAM Client. Alternatively, search for IAM Client in the search bar.

client_list

  1. Click on the + icon. A pop-up appears to create a new client. plus_icon

  2. Fill the values for Client ID and Description in the Basic panel and Username in the User Group panel as shown below.

Enable Service Accounts and Direct Access Grants in the Basic panel and disable Select from Existing Service Account Users in the User Group panel.

new_client

  1. Click OK.

A new IAM client is created, and a unique client secret is generated.

Step 2 - Obtain the Token Endpoint

  1. In IFS Cloud, navigate to Solution Manager > Integration > API Explorer.

  2. Select a checkbox corresponding to any API that appears in the list.

  3. From the Documentation dropdown that appears above the list, click API Doc.

  4. Expand the AUTHORIZATIONS section and click on the connect URL.

  5. Search for token_endpoint.

The value of token_endpoint will be used as the request/access token URL to obtain the access token and refresh token in the next step.

Step 3 - Configure a New Token

  1. Access Postman and create a new request.
  2. In the Authorization tab, select OAuth 2.0 as the Type from the dropdown.
  3. Select Client Credentials as the Grant Type from the dropdown.
  4. Fill in the corresponding values obtained from the previous steps for Client ID, Access Token URL, and Client Secret.
  5. Enter the scope as openid microprofile-jwt.
  6. Click Get New Access Token.

postman_auth_tab

The access token and refresh token will appear in a pop-up. You can use this access token to authenticate future requests.