OAuth

Resource URI

/services/{serviceId}/securityProfile/oauth

Items in curly braces represent variables.

Description

The OAuth resource allows for the configuration of OAuth 2.0 properties for the API. These properties are specific to the Service although some can be overridden at the Endpoint level.

Resource Schema

Property Characteristics
accessTokenTtlEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description If enabled, the Access Token will expire after the specified time has passed.
accessTokenTtl Type integer
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description Access token expires after the specified time has passed. TTL time is specified in seconds.
accessTokenType Type string
Sub-type enum
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description enum literals: bearer, mac
allowMultipleToken Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description If enabled, a unique access token will be issued for each access token request regardless of user context.
authorizationCodeTtl Type integer
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description Authorization Code will expire after the specified time has passed. TTL time is specified in seconds.
forwardedHeaders Type array
Sub-type enum
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description enum literals: access-token, client-id, scope, user-context
masheryTokenApiEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description If enabled, Access Token requests will be handled directly by Mashery via a dedicated Endpoint Request endpoint.
refreshTokenEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description Allow developers to refresh tokens. The token can be refreshed when the partner is trusted but the risk lifespan is short.
enableRefreshTokenTtl Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description If enabled, the Refresh Token will expire after the specified TTL. TTL time is specified in seconds.
tokenBasedRateLimitsEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description Limit API calls per access token separately from API key rate limits.
forceOauthRedirectUrl Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description At the time of creating an access token, Mashery will validate that the client application provided a redirect URI field that matches with the callback URL specified during application registration.
forceSslRedirectUrlEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description Allows Mashery to reject the request for authorization codes or access tokens that consist of a redirection URL other than HTTPS.
grantTypes Type array
Sub-type enum
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description enum literals: authorization_code, implicit, password, client_credentials
macAlgorithm Type string
Sub-type enum
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description enum literals: hmac-sha-1, hmac-sha-256
qpsLimitCeiling Type integer
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description The throttle limit, i.e. calls per second, is applied to all access tokens granted for the API.
rateLimitCeiling Type integer
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description The quota limit is applied to all access tokens granted for the API.
refreshTokenTtl Type integer
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description The refresh token gets expired after it crosses the TTL value.
secureTokensEnabled Type boolean
Sub-type
Create Rule Optional
Update Rule Optional
Fetch Rule Implicit
Description To secure the tokens, Mashery stores them using a one-way SHA-256 hashed value.

fetch [GET]

Retrieves the identified Security Profile OAuth for the Service Definition.

Parameters

Parameter Required Type Description
serviceId true string Service identifier.
fields false string Comma-separated list of property paths to include in response. Each property path is a dot-separated list of object property names. fields=<property\[.property...\]>\[,...\]\[&fields=...\]
filter false string Colon-separated name/value pair specifying the name of property whose value must contain the given value (as a substring). Results may also be filtered by nested collections' properties by specifying a dot-separated property path. filter=<property\[.property...\]>:<value>\[&filter=...\]
sort false string Comma-separated list of properties to sort by. Only root-level properties are supported. Each property name may be optionally followed by :asc or :desc to specify sort direction (defaults to asc). sort=<property\[:(asc\|desc)\]>\[,...\]\[&sort=...\]
limit false int Number of objects to return in the result. Defaults to 100.
offset false int 0-based index of first object in the list to return. Defaults to 0.

Returns

Success

Security Profile OAuth for the Service If fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.

Failure

Array of validation responses

Examples

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" 

Response

[
    {
        "qpsLimitCeiling": 60,
        "grantTypes": "authorization_code",
        "enableRefreshTokenTtl": false,
        "forceSslRedirectUrlEnabled": true,
        "accessTokenTtl": 90,
        "masheryTokenApiEnabled": true,
        "forceOauthRedirectUrl": true,
        "accessTokenTtlEnabled": true,
        "tokenBasedRateLimitsEnabled": true,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": false,
        "refreshTokenEnabled": false,
        "forwardedHeaders": "access-token",
        "authorizationCodeTtl": 40,
        "refreshTokenTtl": 71,
        "secureTokensEnabled": true,
        "accessTokenType": "mac",
        "rateLimitCeiling": 81
    }
]

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" 

Response

[
    {
        "qpsLimitCeiling": 99,
        "grantTypes": "authorization_code",
        "enableRefreshTokenTtl": false,
        "forceSslRedirectUrlEnabled": false,
        "accessTokenTtl": 50,
        "masheryTokenApiEnabled": true,
        "forceOauthRedirectUrl": false,
        "accessTokenTtlEnabled": false,
        "tokenBasedRateLimitsEnabled": true,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": false,
        "refreshTokenEnabled": false,
        "forwardedHeaders": "access-token",
        "authorizationCodeTtl": 45,
        "refreshTokenTtl": 10,
        "secureTokensEnabled": true,
        "accessTokenType": "bearer",
        "rateLimitCeiling": 18
    }
]

create [POST]

Assigns Security Profile OAuth to a Service Definition.

Parameters

Parameter Required Type Description
serviceId true string Service identifier.
oauth true object Security Profile OAuth object

Returns

Success

Security Profile OAuth for the Service If fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.

Failure

Array of validation responses

Examples

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request POST --data '{"qpsLimitCeiling":89,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":35,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":true,"tokenBasedRateLimitsEnabled":false,"macAlgorithm":"hmac-sha-1","allowMultipleToken":false,"refreshTokenEnabled":false,"forwardedHeaders":"user-context","secureTokensEnabled":false,"refreshTokenTtl":88,"authorizationCodeTtl":51,"accessTokenType":"bearer","rateLimitCeiling":77}

Response

[
    {
        "qpsLimitCeiling": 79,
        "grantTypes": "implicit",
        "enableRefreshTokenTtl": true,
        "forceSslRedirectUrlEnabled": false,
        "accessTokenTtl": 25,
        "masheryTokenApiEnabled": false,
        "forceOauthRedirectUrl": false,
        "accessTokenTtlEnabled": true,
        "tokenBasedRateLimitsEnabled": false,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": true,
        "refreshTokenEnabled": true,
        "forwardedHeaders": "access-token",
        "authorizationCodeTtl": 66,
        "refreshTokenTtl": 13,
        "secureTokensEnabled": false,
        "accessTokenType": "mac",
        "rateLimitCeiling": 75
    }
]

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request POST --data '{"qpsLimitCeiling":65,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":91,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":true,"accessTokenTtlEnabled":false,"tokenBasedRateLimitsEnabled":false,"macAlgorithm":"hmac-sha-1","allowMultipleToken":true,"refreshTokenEnabled":false,"forwardedHeaders":"user-context","secureTokensEnabled":true,"refreshTokenTtl":87,"authorizationCodeTtl":67,"accessTokenType":"bearer","rateLimitCeiling":46}

Response

[
    {
        "qpsLimitCeiling": 41,
        "grantTypes": "client_credentials",
        "enableRefreshTokenTtl": true,
        "forceSslRedirectUrlEnabled": false,
        "accessTokenTtl": 0,
        "masheryTokenApiEnabled": false,
        "forceOauthRedirectUrl": true,
        "accessTokenTtlEnabled": true,
        "tokenBasedRateLimitsEnabled": false,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": false,
        "refreshTokenEnabled": true,
        "forwardedHeaders": "scope",
        "authorizationCodeTtl": 53,
        "refreshTokenTtl": 73,
        "secureTokensEnabled": false,
        "accessTokenType": "bearer",
        "rateLimitCeiling": 19
    }
]

update [PUT]

Updates the Security Profile OAuth assigned to the identified Service Definition.

Parameters

Parameter Required Type Description
serviceId true string Service identifier.
oauth true object Security Profile OAuth object

Returns

Success

Security Profile OAuth for the Service If fields request parameter is not included, only those fields with "Fetch Rule" equal to "Implicit" will be returned. Otherwise, the fields contained in the URL parameter will be included in the response.

Failure

Array of validation responses

Examples

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request PUT --data '{"qpsLimitCeiling":88,"grantTypes":"password","enableRefreshTokenTtl":false,"forceSslRedirectUrlEnabled":false,"accessTokenTtl":88,"masheryTokenApiEnabled":false,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":false,"tokenBasedRateLimitsEnabled":true,"macAlgorithm":"hmac-sha-256","allowMultipleToken":true,"refreshTokenEnabled":true,"forwardedHeaders":"access-token","secureTokensEnabled":false,"refreshTokenTtl":76,"authorizationCodeTtl":39,"accessTokenType":"mac","rateLimitCeiling":34}

Response

[
    {
        "qpsLimitCeiling": 67,
        "grantTypes": "password",
        "enableRefreshTokenTtl": false,
        "forceSslRedirectUrlEnabled": false,
        "accessTokenTtl": 72,
        "masheryTokenApiEnabled": true,
        "forceOauthRedirectUrl": true,
        "accessTokenTtlEnabled": true,
        "tokenBasedRateLimitsEnabled": false,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": true,
        "refreshTokenEnabled": true,
        "forwardedHeaders": "scope",
        "authorizationCodeTtl": 57,
        "refreshTokenTtl": 24,
        "secureTokensEnabled": true,
        "accessTokenType": "bearer",
        "rateLimitCeiling": 52
    }
]

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request PUT --data '{"qpsLimitCeiling":66,"grantTypes":"implicit","enableRefreshTokenTtl":true,"forceSslRedirectUrlEnabled":true,"accessTokenTtl":55,"masheryTokenApiEnabled":true,"forceOauthRedirectUrl":false,"accessTokenTtlEnabled":true,"tokenBasedRateLimitsEnabled":true,"macAlgorithm":"hmac-sha-1","allowMultipleToken":false,"refreshTokenEnabled":true,"forwardedHeaders":"access-token","secureTokensEnabled":false,"refreshTokenTtl":62,"authorizationCodeTtl":1,"accessTokenType":"mac","rateLimitCeiling":95}

Response

[
    {
        "qpsLimitCeiling": 83,
        "grantTypes": "password",
        "enableRefreshTokenTtl": false,
        "forceSslRedirectUrlEnabled": true,
        "accessTokenTtl": 54,
        "masheryTokenApiEnabled": false,
        "forceOauthRedirectUrl": true,
        "accessTokenTtlEnabled": true,
        "tokenBasedRateLimitsEnabled": true,
        "macAlgorithm": "hmac-sha-1",
        "allowMultipleToken": false,
        "refreshTokenEnabled": true,
        "forwardedHeaders": "access-token",
        "authorizationCodeTtl": 9,
        "refreshTokenTtl": 81,
        "secureTokensEnabled": true,
        "accessTokenType": "mac",
        "rateLimitCeiling": 70
    }
]

delete [DELETE]

Deletes the Security Profile OAuth assigned to the identified Service Definition.

Parameters

Parameter Required Type Description
serviceId true string Service identifier.

Returns

Success

Empty response

Failure

Array of validation responses

Examples

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request DELETE

Response

[
    ""
]

Request

curl -k 'https://api.mashery.com/v3/rest/services/0fcc39d1c7ee470780e6cbe6/securityProfile/oauth' -H "Authorization: Bearer <insert your token here>" -H "Content-Type:application/json" --request DELETE

Response

[
    ""
]

Docs Navigation