What is it?
API Management is the administrative page for managing and configuring 3rd party API clients. This page is only available to ASAs (Authorized Service Administrators). When a 3rd party client wants to use the Oasis API to interact with your data, you will need to create an API client. The API client will be created with a unique client ID and client secret.
When configuring the API client, you will choose which grant types the 3rd party client is authorized to use. The following are the available grant types:
- Authorization Code
- Resource Owner Password Credentials
- Client Credentials
- Refresh Token
If the Authorization Code or Implicit grant type is enabled, you will need to configure the API client with at least one redirect URI. These redirect URIs will be provided by the 3rd party client's developer implementing the integration with the API.
If the Client Credentials grant type is enabled, you will need to select which groups are assigned to this grant type. The access token that is issued through the Client Credentials grant type will have the permissions of the selected groups. Typically you would select your administrative group.
How to Access
Navigate to Settings > Account Settings and click on the "API Management" link.
API Client List
The main page of API Management displays the list of API clients configured for your organization and the client ID and client secret for each API client. The client ID and client secret are what you would provide to the 3rd party client's developer. This page also includes links to create, edit and delete clients, and regenerate the client secret.
Creating an API Client
To create a new API client, click the "Create API Client" button from the main API Management page.
Enter a name that describes this integration or the 3rd party client.
Once you click Create API Client, the API client will be created and you will be directed to the API client configuration page.
Configuring an API Client
The API client configuration page is displayed after initially creating an API client or when editing an existing API client.
To edit an existing client, hover over the API client you want to modify and click the Edit button that appears.
Name, Client ID and Client Secret
The top-left section of the client configuration page displays the API client name, client ID and client secret. You can edit the name, but the client ID and client secret are not editable. If you need to regenerate the client secret, you can use the "Regenerate Secret" link from the main API Management page.
Select the scopes that this API client is authorized to use. All API tokens will have read enabled. In order to make any updates through the API, the write permission must be selected.
Selecting Authorized Grant Types
Select the grant types that this API client is authorized to use. For a more detailed description of the grant types, see the API Authorization page.
Configuring Redirect URIs
If you have enabled the Authorization Code or Implicit grant type, you will need to add at least one redirect URI. Redirect URIs must be a properly formatted URI starting with "http://" or "https://". Redirect URIs are provided by the 3rd party client's developer.
Adding a Redirect URI
To add a new redirect URI, enter the new URI in the box pictured below, then click the "Add a Redirect URI" button.
Editing a Redirect URI
To edit an existing redirect URI, hover over the URI you want to modify, then click the "Edit" button.
Deleting a Redirect URI
To delete an existing redirect URI, click the "Delete" link next to the redirect URI you want to delete. This button is pictured next to the Edit button in the above screenshot.
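Added example (not part of the Oasis documentation or the Oasis code): a small Python check an administrator could run over the redirect URIs received from a 3rd party developer before entering them. Only the "http://" or "https://" prefix rule comes from this page; the remaining checks (loopback-only plain http, no userinfo, no fragment per RFC 6749, no wildcard) and all names and sample URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: plain http is only acceptable for a developer's local machine.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def review_redirect_uri(uri):
    """Return a list of findings for one redirect URI; empty means no objection."""
    if any(ch.isspace() for ch in uri):
        return ["contains whitespace"]
    # Rule stated on this page: the URI must start with one of these prefixes.
    if not uri.startswith(("http://", "https://")):
        return ['must start with "http://" or "https://"']
    try:
        parts = urlsplit(uri)
        host = parts.hostname
        _ = parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return ["not a properly formatted URI"]
    if not host:
        return ["missing host"]
    # The checks below are reviewer hygiene, not documented Oasis behaviour.
    findings = []
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        findings.append("plain http on a non-loopback host")
    if parts.username is not None or parts.password is not None:
        findings.append("embedded credentials")
    if "#" in uri:
        findings.append("contains a fragment")  # RFC 6749 section 3.1.2
    if "*" in uri:
        findings.append("contains a wildcard")
    return findings

def review_all(uris):
    """Map each URI that has findings to its list of findings."""
    reviewed = {uri: review_redirect_uri(uri) for uri in uris}
    return {uri: found for uri, found in reviewed.items() if found}

if __name__ == "__main__":
    # Constructed sample input; these are not real integration endpoints.
    sample = [
        "https://partner.example/oauth/callback",
        "http://localhost:8080/callback",
        "http://partner.example/cb",
        "https://partner.example/cb#state",
        "partner.example/cb",
    ]
    for uri, found in review_all(sample).items():
        print(uri, "->", "; ".join(found))
```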
If you have enabled the Client Credentials grant type, select the groups that will be associated with the access token issued through this grant type. The access token will have the cumulative permissions of all the groups that are selected. Typically you would select your administrative group.
Deleting an API Client
To delete an existing API Client, click the "Delete" link next to the API client you want to delete and click the "Delete" button in the confirmation modal. Once an API client is deleted, any 3rd party integrations using the old client ID will immediately stop working.
Regenerating the Client Secret
To regenerate the client secret for an existing API client, click the "Regenerate Secret" link next to the API client and click "Save" in the confirmation modal. Once the client secret has been regenerated, any 3rd party integrations using the old client secret will immediately stop working. You will need to provide the new client secret to the 3rd party client's developer.