TIBCO Cloud Mashery API Developer Blog

New feature additions to OAuth Accelerator

We recently added a couple new feature improvements to our OAuth accelerator that will add that extra layer of security to your OAuth implementation

  • All applications that use an API that have OAuth 2.0 enabled will have a field available now to pre-register the redirect URI. While configuring the OAuth accelerator for your API (under API settings), you now have an option to mandate that only calls validated against this pre-registered redirect URI are allowed to access your API.  OAuth API methods createAccessToken and createAuthorizationCode now include these supporting validations as well. For detailed documentation on the OAuth API refer to the documentation section

 

  • You now have an option to configure TTL for refresh tokens as well. By default this is not enabled.