Implementing oAuth in WM9.0 to invoke WM web service

Hi ,

Has any one implemented webMethods web service invocation with oAuth Authentication.

I developed a web service and I want to configure the oAuth security to invoke this.

Can you please advise.I referred the documentation ,but i am not clear with the implementation.



I am not sure if you are still facing this problem. I have written a small tutorial on how to configure OAuth security for webMethods services

Hope this helps.


Interesting…Thanks for sharing this article indeed it will help the community!!


Hi Yogesh,

Thanks for sharing this info.Actually I was able to implement this flow.But my requirement was not convincing with this design.

As per this when the client sends the access token request(authorization) ,he has to wait for the Authorization server to Accept/approve it.Which is manual process.
If so how can he initiate a actual business request using the access token with out doing manual work.

Does the client have to wait until it gets approved by Authorization server ?

Is this how OAuth works ?

I have a Vendor who is providing oauth token when I pass him username and password.There is no manual approval process involved in it.I am using the oAuth token to call
his web serivce to get the data.It is like a 2 http calls one after other from Client point of view.

Can’t we implement the similar functionality from webMethods ?

Hello Sridhar,

OAuth supports different authorization grants.

• Authorization Code: used with server-side Applications
• Implicit: used with Mobile Apps or Web Applications (applications that run on the user’s device)
• Resource Owner Password Credentials: used with trusted Applications, such as those owned by the service itself
• Client Credentials: used with Applications API access

Integration Server Supports, Authorization Code/Implicit Grant which are more secured and best suited for Integration use cases.

Mediator Supports Client Credentials which is best suited for API use cases.

This manual process is required for only for getting the authorization confirmed, just like we provide authorization for third part apps using facebook/gmail accounts.

If you feel Client Credentials flow required in Integration Server as well, you can request a Brainstorm request.

Hi Sridhar,

Were you able to figure this out? May we know, your approach for the solution?

Hi Siva,

Please check the comment section in the article shared by Yogesh above.

It has the steps on how to automate the manual approval process.


Hi Siva,

I couldn’t manage to complete this flow,as my requirements are changed in the middle.But I am still not clear with automated approval process with Yogesh’s article.

Please share the solution if you find .

Hello All,
Can anyone help me to provide more details about consuming the API with OAuth2.0? In one of the thread, its mentioned to use the service pub.client.oauth.execueRequest but its not working as expected even after passing the values. <<“Exception”:"API Gateway encountered an error. Error Message: Unable to identify the application for the request - User - Default and Application:null>> is the error that I got even after providing correct client id and secret id. Please do the needful asap.