As previously stated, the client (typically an application) interacts with the resource (API) on the resource owner's (typically the end user's) behalf. From the earlier example, the client is the application developed and owned by the healthcare provider. The resource is the service, exposed by the medical lab, that fetches the resource owner's lab results from the lab provider's backend systems. Before a client can attempt to access resources on the resource owner's behalf, the following must be in place:
- Registration of the client. In OAuth 2.0 the client registers with the authorization server; in APIC, creating an application in a catalog registers it with both the OAuth provider and the APIs published in that catalog.
- A unique client ID and client secret, issued at registration, with which the client authenticates to the authorization server (its token endpoint). The secret is a credential and must be protected like a password.
- A subscription of the client to the resources (the API plans) that it intends to access on the resource owner's behalf. Authentication alone is not enough: an application that holds a valid token but is not subscribed to the plan is still rejected.
You will perform the client's configuration in the Sandbox catalog. Typically, a client belongs to a Consumer Organization, and client creation is managed by that consumer organization's administrators. Since you do not yet have a consumer organization set up on the Developer Portal, you will use the API Manager functionality to perform the required configuration:
1. Go to the Home screen | Manage catalogs | Sandbox | Consumers. Click the Add button. Choose the Create organization option.
2. Create a new consumer organization by providing values as per Table 7.5 and click Create:
Table 7.5 – Consumer organization creation
Once an organization is created, you can refresh the Consumers tab to view your newly created organization. Refer to Figure 7.17:
Figure 7.17 – Consumer organizations and applications
3. You will now perform the important step of creating a client (application) and assigning it to the sandbox-corg consumer organization. In APIC, a client is also called an application. Creating an application registers it in the catalog, so that the OAuth provider can authenticate it and the gateway can identify it on API calls. Go to the Applications tab (refer to Figure 7.18). Click Add. Provide values as per Table 7.6 and click Create:
Table 7.6 – Client (application) creation
The system will provide a unique pair of Client ID and Client secret values (refer to Figure 7.18). Ensure that you copy them and store them safely, for example in a secrets manager rather than in source code or a shared document. It is not possible to retrieve the client secret value after this point; if it is lost, the secret has to be reset, which invalidates the old value for every copy of the client that uses it. Close the Credentials view.
Figure 7.18 – Client/Application credentials
Once the application is created, you can refresh the Applications tab to view your newly created application.
You will now need to create a Subscription for the corg-app application to the resources that it is going to access.
4. On the Applications tab, open the corg-app application menu (the three dots) and select the Create Subscription option from the menu. Refer to item 1 of Figure 7.19:
Figure 7.19 – Creating an Application Subscription
5. On the next screen, select the Plan that corresponds to your API (patient-information 1.0.0) and click Create Subscription. Refer to Figure 7.20:
Figure 7.20 – Select a Plan to create an application subscription
Click the Refresh button on the Applications tab. You can view the corg-app application's subscription through the View Subscriptions menu option. Refer to item 4 of Figure 7.20.
You have completed all the necessary configurations for securing your API with OAuth security. The configuration involved creating an OAuth provider, assigning the provider to a catalog, enabling the API with the OAuth security definition, and finally configuring a client that can access the API. After all these steps, the API is ready to be tested, and you are now going to do so.
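To make the roles configured above concrete, the following is an added example (not code from the page or from IBM API Connect) that models the three parties in memory: a catalog that registers applications and records subscriptions, an authorization server (the OAuth provider) that authenticates the client with its ID and secret and issues bearer tokens on the resource owner's behalf, and a resource server that checks both the token and the subscription before serving the API. The plan name, the identifiers, the "constructed lab result" payload and the status codes for the failure cases are assumptions of the example. It covers the prerequisites listed at the start of this section and the registration and subscription steps performed in the catalog.

```python
import hashlib
import hmac
import secrets
import time

# Assumed plan name for the patient-information 1.0.0 API (not an APIC value).
PLAN = "patient-information-1.0.0-plan"


class Catalog:
    """Registration records for clients (applications), as the catalog holds them."""

    def __init__(self):
        self.clients = {}  # client_id -> {"name", "secret_hash", "subscriptions"}

    def register(self, app_name):
        """Create an application. The secret is returned once; only its hash is kept."""
        client_id = secrets.token_hex(16)
        client_secret = secrets.token_urlsafe(32)
        self.clients[client_id] = {
            "name": app_name,
            "secret_hash": hashlib.sha256(client_secret.encode()).digest(),
            "subscriptions": set(),
        }
        return client_id, client_secret

    def subscribe(self, client_id, plan):
        """Subscribe the application to a plan (the Create Subscription step)."""
        self.clients[client_id]["subscriptions"].add(plan)

    def authenticate(self, client_id, client_secret):
        """Constant-time comparison of the presented secret against the stored hash."""
        record = self.clients.get(client_id)
        if record is None:
            return False
        presented = hashlib.sha256(client_secret.encode()).digest()
        return hmac.compare_digest(record["secret_hash"], presented)

    def is_subscribed(self, client_id, plan):
        record = self.clients.get(client_id)
        return record is not None and plan in record["subscriptions"]


class AuthorizationServer:
    """The OAuth provider: issues single-use authorization codes and bearer tokens."""

    def __init__(self, catalog, ttl=3600):
        self.catalog, self.ttl = catalog, ttl
        self.codes = {}   # code -> (client_id, resource_owner)
        self.tokens = {}  # access_token -> {"client_id", "owner", "exp"}

    def authorize(self, client_id, resource_owner):
        """The resource owner consents; the code is bound to the requesting client."""
        if client_id not in self.catalog.clients:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, resource_owner)
        return code

    def token(self, client_id, client_secret, code):
        """Token endpoint: the client authenticates with ID + secret, then redeems the code."""
        if not self.catalog.authenticate(client_id, client_secret):
            return {"error": "invalid_client"}
        bound = self.codes.pop(code, None)  # a code can be redeemed only once
        if bound is None or bound[0] != client_id:
            return {"error": "invalid_grant"}  # unknown, reused, or another client's code
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"client_id": client_id, "owner": bound[1],
                                     "exp": time.time() + self.ttl}
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": self.ttl}

    def introspect(self, access_token):
        info = self.tokens.get(access_token)
        return None if info is None or info["exp"] < time.time() else info


class ResourceServer:
    """The protected API: validates the bearer token, then the caller's subscription."""

    def __init__(self, auth_server, catalog, plan):
        self.auth_server, self.catalog, self.plan = auth_server, catalog, plan

    def handle(self, headers):
        """Returns (HTTP status, body); the status codes are this example's choices."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return 401, {"error": "invalid_request"}
        info = self.auth_server.introspect(token)
        if info is None:
            return 401, {"error": "invalid_token"}
        if not self.catalog.is_subscribed(info["client_id"], self.plan):
            return 403, {"error": "not_subscribed"}
        return 200, {"owner": info["owner"], "results": ["constructed lab result"]}


def run_flow():
    """Happy path plus three failure cases; returns each outcome by name."""
    catalog = Catalog()
    auth = AuthorizationServer(catalog)
    api = ResourceServer(auth, catalog, PLAN)
    app_id, app_secret = catalog.register("corg-app")
    catalog.subscribe(app_id, PLAN)
    outcomes = {}
    grant = auth.token(app_id, app_secret, auth.authorize(app_id, "patient-42"))
    outcomes["ok"] = api.handle({"Authorization": f"Bearer {grant['access_token']}"})[0]
    outcomes["wrong_secret"] = auth.token(app_id, "not-the-secret",
                                          auth.authorize(app_id, "patient-42"))["error"]
    other_id, other_secret = catalog.register("other-app")  # registered, never subscribed
    outcomes["stolen_code"] = auth.token(other_id, other_secret,
                                         auth.authorize(app_id, "patient-42"))["error"]
    other_grant = auth.token(other_id, other_secret, auth.authorize(other_id, "patient-42"))
    outcomes["unsubscribed"] = api.handle(
        {"Authorization": f"Bearer {other_grant['access_token']}"})[0]
    outcomes["no_token"] = api.handle({})[0]
    return outcomes


if __name__ == "__main__":
    print(run_flow())
```

Two design choices matter in practice: the catalog keeps only a hash of the client secret and compares it in constant time, which is why the secret can be shown exactly once at creation, and the resource server rejects a properly authenticated, properly tokened application that has no subscription to the plan, which is the check the Create Subscription step enables.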