webMethods Developer Portal trying out an OAuth2 Protected API


In this tutorial you will be learning how to request for OAuth token to try out an OAuth2 protected API from webMethods Developer Portal try out page.


The tutorial assumes that the reader has:

  • a basic understanding of API Gateway’s its policy enforcement and webMethods Developer Portal
  • a basic knowledge on OAuth 2 authentication framework

In this tutorial the basic details of how to setup OAuth2 authentication server in API Gateway will be covered. But for more details you could refer the following tutorial OAuth2 in API Gateway

Steps to follow

Step 1: Enable HTTPS port in API Gateway

The OAuth2 token request by default could be invoked via https only. To ensure https port is enabled go to Administration → Security → Ports

Step 2: Configuring local authorization server in API Gateway

Go to Administration → Security→ JWT/OAuth/OpenID

In internal authorization servers, Local authorization server is gateway acting as the authorization server. Click on local. You can see the OAuth configuration, issued OAuth tokens and OAuth scopes.

OAuth scopes: Scopes are the ways to limit the access to the protected resources. Scopes are generally the business uses(say readonly, write, inventory). You can define your own scopes here. Scope is mandatory to map the API or Resource. So i’ll create a scope call Tracker

Step 3: Importing an API into API Gateway and Enforcing OAuth 2

Let me import an API to get latest bitcoin price

Edit an API in API Gateway. Click Edit. Click Identity and Access management. Click Identify and authenticate icon. Tick OAuth2 Token. This procedure will enforce OAuth authorization for this service.

Then Activate an API

Step 4: Linking authorization server scopes to the API Scopes

Now the authorization server has scope Tracker. To provide the meaning to the authorization server scopes. Go to OAuth/OpenID scopes under main menu. Click “Map scope”.

Add the Authorization Server scope

Then Add the API

Step 5: Registering webMethods Developer Portal in API Gateway

Go to Administration → Destinations → API Portal → Configurations. Provide the webMethods Developer Portal communication details and Publish. Note the OAuth2 token request would work only on top of https connection. So ensure you provided https URL of API Gateway

Next publish an API

Step 6: Request an Application for an API from webMethods Developer Portal

Login to webMethods Developer Portal. You must be seeing the published API. Click the API. Click consume button to request new application

The request would create an Application in API Gateway and the credentials would be shared to webMethods Developer Portal

Step 7: Requesting an OAuth token and trying out an API

Now we have an Application, to request OAuth token go to tryout page of an API and select an Application,

Click ‘+’ button. Select the required Grant type and scope. And click Get token

You will be getting this popup with the services to which you want to give access to

Once its approved the page will be closed automatically and you will be able to view the token in webMethods Developer Portal. Now if you hit the send button you will be able to access the API