OAuth
Resource URI
/services/{serviceId}/securityProfile/oauth
Items in curly braces represent variables.
Description
The OAuth resource allows for the configuration of OAuth 2.0 properties for the API. These properties are specific to the Service although some can be overridden at the Endpoint level.
Resource Schema
Property | Type | Sub-type | Create Rule | Update Rule | Fetch Rule | Description |
---|---|---|---|---|---|---|
accessTokenTtlEnabled | boolean | | Optional | Optional | Implicit | If enabled, the Access Token will expire after the specified time has passed. |
accessTokenTtl | integer | | Optional | Optional | Implicit | Access token expires after the specified time has passed. TTL time is specified in seconds. |
accessTokenType | string | enum | Optional | Optional | Implicit | enum literals: bearer, mac |
allowMultipleToken | boolean | | Optional | Optional | Implicit | If enabled, a unique access token will be issued for each access token request regardless of user context. |
authorizationCodeTtl | integer | | Optional | Optional | Implicit | Authorization Code will expire after the specified time has passed. TTL time is specified in seconds. |
forwardedHeaders | array | enum | Optional | Optional | Implicit | enum literals: access-token, client-id, scope, user-context |
masheryTokenApiEnabled | boolean | | Optional | Optional | Implicit | If enabled, Access Token requests will be handled directly by Mashery via a dedicated Endpoint Request endpoint. |
refreshTokenEnabled | boolean | | Optional | Optional | Implicit | Allow developers to refresh tokens. The token can be refreshed when the partner is trusted but the risk lifespan is short. |
enableRefreshTokenTtl | boolean | | Optional | Optional | Implicit | If enabled, the Refresh Token will expire after the specified TTL. TTL time is specified in seconds. |
tokenBasedRateLimitsEnabled | boolean | | Optional | Optional | Implicit | Limit API calls per access token separately from API key rate limits. |
forceOauthRedirectUrl | boolean | | Optional | Optional | Implicit | At the time of creating an access token, Mashery will validate that the client application provided a redirect URI field that matches the callback URL specified during application registration. |
forceSslRedirectUrlEnabled | boolean | | Optional | Optional | Implicit | Allows Mashery to reject requests for authorization codes or access tokens whose redirection URL does not use HTTPS. |
grantTypes | array | enum | Optional | Optional | Implicit | enum literals: authorization_code, implicit, password, client_credentials |
macAlgorithm | string | enum | Optional | Optional | Implicit | enum literals: hmac-sha-1, hmac-sha-256 |
qpsLimitCeiling | integer | | Optional | Optional | Implicit | The throttle limit (calls per second) applied to all access tokens granted for the API. |
rateLimitCeiling | integer | | Optional | Optional | Implicit | The quota limit applied to all access tokens granted for the API. |
refreshTokenTtl | integer | | Optional | Optional | Implicit | The refresh token expires once the TTL value has elapsed. |
secureTokensEnabled | boolean | | Optional | Optional | Implicit | To secure the tokens, Mashery stores them using a one-way SHA-256 hashed value. |
fetch [GET]
Retrieves the identified Security Profile OAuth for the Service Definition.
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
serviceId | true | string | Service identifier. |
fields | false | string | Comma-separated list of property paths to include in response. Each property path is a dot-separated list of object property names. fields=<property[.property...]>[,...][&fields=...] |
filter | false | string | Colon-separated name/value pair specifying the name of property whose value must contain the given value (as a substring). Results may also be filtered by nested collections' properties by specifying a dot-separated property path. filter=<property[.property...]>:<value>[&filter=...] |
sort | false | string | Comma-separated list of properties to sort by. Only root-level properties are supported. Each property name may be optionally followed by :asc or :desc to specify sort direction (defaults to asc). sort=<property[:(asc\|desc)]>[,...][&sort=...] |
limit | false | int | Number of objects to return in the result. Defaults to 100. |
offset | false | int | 0-based index of first object in the list to return. Defaults to 0. |
Returns
Success
Security Profile OAuth for the Service. If the fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.
Failure
Array of validation responses
Examples
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json"
Response
[ { "qpsLimitCeiling": 60, "grantTypes": "authorization_code", "enableRefreshTokenTtl": false, "forceSslRedirectUrlEnabled": true, "accessTokenTtl": 90, "masheryTokenApiEnabled": true, "forceOauthRedirectUrl": true, "accessTokenTtlEnabled": true, "tokenBasedRateLimitsEnabled": true, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": false, "refreshTokenEnabled": false, "forwardedHeaders": "access-token", "authorizationCodeTtl": 40, "refreshTokenTtl": 71, "secureTokensEnabled": true, "accessTokenType": "mac", "rateLimitCeiling": 81 } ]
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json"
Response
[ { "qpsLimitCeiling": 99, "grantTypes": "authorization_code", "enableRefreshTokenTtl": false, "forceSslRedirectUrlEnabled": false, "accessTokenTtl": 50, "masheryTokenApiEnabled": true, "forceOauthRedirectUrl": false, "accessTokenTtlEnabled": false, "tokenBasedRateLimitsEnabled": true, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": false, "refreshTokenEnabled": false, "forwardedHeaders": "access-token", "authorizationCodeTtl": 45, "refreshTokenTtl": 10, "secureTokensEnabled": true, "accessTokenType": "bearer", "rateLimitCeiling": 18 } ]
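An added example, not part of the Mashery documentation: a Python check that audits a fetched profile against the properties in the schema above. The set of flagged grant types, the one-hour TTL ceiling and the function names are assumptions of this example, not Mashery requirements.

```python
import json

# Schema booleans this example expects to be true (absent counts as not enabled).
REQUIRED_TRUE = {
    "forceSslRedirectUrlEnabled": "non-HTTPS redirect URLs are not rejected",
    "forceOauthRedirectUrl": "redirect URI is not matched to the registered callback URL",
    "secureTokensEnabled": "tokens are not stored as one-way SHA-256 hashes",
    "accessTokenTtlEnabled": "access token TTL expiry is disabled",
}
RISKY_GRANTS = {"implicit", "password"}  # policy assumption of this example

def as_list(value):
    # The schema types grantTypes as an array, but the sample responses on
    # this page show a bare string, so accept both.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_oauth_profile(profile, max_access_ttl=3600):
    """Return sorted (property, finding) pairs for one profile object."""
    findings = [(p, msg) for p, msg in REQUIRED_TRUE.items() if profile.get(p) is not True]
    for grant in RISKY_GRANTS & set(as_list(profile.get("grantTypes"))):
        findings.append(("grantTypes", f"{grant} grant is enabled"))
    if profile.get("refreshTokenEnabled") and not profile.get("enableRefreshTokenTtl"):
        findings.append(("enableRefreshTokenTtl", "refresh tokens are enabled without TTL expiry"))
    if profile.get("accessTokenType") == "mac" and profile.get("macAlgorithm") == "hmac-sha-1":
        findings.append(("macAlgorithm", "MAC tokens use hmac-sha-1, not hmac-sha-256"))
    # max_access_ttl (seconds) is a ceiling chosen for this example only.
    if profile.get("accessTokenTtlEnabled") and (profile.get("accessTokenTtl") or 0) > max_access_ttl:
        findings.append(("accessTokenTtl", f"TTL exceeds {max_access_ttl} seconds"))
    return sorted(findings)

def audit_response(body, **kwargs):
    """Audit a fetch response body; the examples here wrap the object in an array."""
    data = json.loads(body)
    return [audit_oauth_profile(p, **kwargs) for p in (data if isinstance(data, list) else [data])]

# Sample input: the second fetch response shown above, trimmed to the audited fields.
SAMPLE = """[ { "grantTypes": "authorization_code", "enableRefreshTokenTtl": false,
  "forceSslRedirectUrlEnabled": false, "accessTokenTtl": 50, "forceOauthRedirectUrl": false,
  "accessTokenTtlEnabled": false, "macAlgorithm": "hmac-sha-1", "refreshTokenEnabled": false,
  "secureTokensEnabled": true, "accessTokenType": "bearer" } ]"""

if __name__ == "__main__":
    for prop, finding in audit_response(SAMPLE)[0]:
        print(f"{prop}: {finding}")
```

Run against the first fetch response instead, the only finding is the `hmac-sha-1` MAC algorithm, since that profile issues `mac` tokens.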
create [POST]
Assigns Security Profile OAuth to a Service Definition.
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
serviceId | true | string | Service identifier. |
oauth | true | object | Security Profile OAuth object |
Returns
Success
Security Profile OAuth for the Service. If the fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.
Failure
Array of validation responses
Examples
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request POST --data '{"qpsLimitCeiling":89,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":35,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":true,"tokenBasedRateLimitsEnabled":false,"macAlgorithm":"hmac-sha-1","allowMultipleToken":false,"refreshTokenEnabled":false,"forwardedHeaders":"user-context","secureTokensEnabled":false,"refreshTokenTtl":88,"authorizationCodeTtl":51,"accessTokenType":"bearer","rateLimitCeiling":77}'
Response
[ { "qpsLimitCeiling": 79, "grantTypes": "implicit", "enableRefreshTokenTtl": true, "forceSslRedirectUrlEnabled": false, "accessTokenTtl": 25, "masheryTokenApiEnabled": false, "forceOauthRedirectUrl": false, "accessTokenTtlEnabled": true, "tokenBasedRateLimitsEnabled": false, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": true, "refreshTokenEnabled": true, "forwardedHeaders": "access-token", "authorizationCodeTtl": 66, "refreshTokenTtl": 13, "secureTokensEnabled": false, "accessTokenType": "mac", "rateLimitCeiling": 75 } ]
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request POST --data '{"qpsLimitCeiling":65,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":91,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":true,"accessTokenTtlEnabled":false,"tokenBasedRateLimitsEnabled":false,"macAlgorithm":"hmac-sha-1","allowMultipleToken":true,"refreshTokenEnabled":false,"forwardedHeaders":"user-context","secureTokensEnabled":true,"refreshTokenTtl":87,"authorizationCodeTtl":67,"accessTokenType":"bearer","rateLimitCeiling":46}'
Response
[ { "qpsLimitCeiling": 41, "grantTypes": "client_credentials", "enableRefreshTokenTtl": true, "forceSslRedirectUrlEnabled": false, "accessTokenTtl": 0, "masheryTokenApiEnabled": false, "forceOauthRedirectUrl": true, "accessTokenTtlEnabled": true, "tokenBasedRateLimitsEnabled": false, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": false, "refreshTokenEnabled": true, "forwardedHeaders": "scope", "authorizationCodeTtl": 53, "refreshTokenTtl": 73, "secureTokensEnabled": false, "accessTokenType": "bearer", "rateLimitCeiling": 19 } ]
update [PUT]
Updates the Security Profile OAuth assigned to the identified Service Definition.
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
serviceId | true | string | Service identifier. |
oauth | true | object | Security Profile OAuth object |
Returns
Success
Security Profile OAuth for the Service. If the fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.
Failure
Array of validation responses
Examples
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request PUT --data '{"qpsLimitCeiling":88,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":false,"accessTokenTtl":88,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":false,"tokenBasedRateLimitsEnabled":true,"macAlgorithm":"hmac-sha-256","allowMultipleToken":true,"refreshTokenEnabled":true,"forwardedHeaders":"access-token","secureTokensEnabled":false,"refreshTokenTtl":76,"authorizationCodeTtl":39,"accessTokenType":"mac","rateLimitCeiling":34}'
Response
[ { "qpsLimitCeiling": 67, "grantTypes": "password", "enableRefreshTokenTtl": false, "forceSslRedirectUrlEnabled": false, "accessTokenTtl": 72, "masheryTokenApiEnabled": true, "forceOauthRedirectUrl": true, "accessTokenTtlEnabled": true, "tokenBasedRateLimitsEnabled": false, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": true, "refreshTokenEnabled": true, "forwardedHeaders": "scope", "authorizationCodeTtl": 57, "refreshTokenTtl": 24, "secureTokensEnabled": true, "accessTokenType": "bearer", "rateLimitCeiling": 52 } ]
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request PUT --data '{"qpsLimitCeiling":66,"grantTypes":"implicit","enableRefreshTokenTtl":true,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":55,"masheryTokenApiEnabled":true,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":true,"tokenBasedRateLimitsEnabled":true,"macAlgorithm":"hmac-sha-1","allowMultipleToken":false,"refreshTokenEnabled":true,"forwardedHeaders":"access-token","secureTokensEnabled":false,"refreshTokenTtl":62,"authorizationCodeTtl":1,"accessTokenType":"mac","rateLimitCeiling":95}'
Response
[ { "qpsLimitCeiling": 83, "grantTypes": "password", "enableRefreshTokenTtl": false, "forceSslRedirectUrlEnabled": true, "accessTokenTtl": 54, "masheryTokenApiEnabled": false, "forceOauthRedirectUrl": true, "accessTokenTtlEnabled": true, "tokenBasedRateLimitsEnabled": true, "macAlgorithm": "hmac-sha-1", "allowMultipleToken": false, "refreshTokenEnabled": true, "forwardedHeaders": "access-token", "authorizationCodeTtl": 9, "refreshTokenTtl": 81, "secureTokensEnabled": true, "accessTokenType": "mac", "rateLimitCeiling": 70 } ]
delete [DELETE]
Deletes the Security Profile OAuth assigned to the identified Service Definition.
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
serviceId | true | string | Service identifier. |
Returns
Success
Empty response
Failure
Array of validation responses
Examples
Request
curl 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request DELETE
Response
[ "" ]