On this page

Create API credentials

Explore how to use the Portal frontend app to self-service API key or OAuth credentials to access an API product that you are subscribed to.

notifications

All self-service features in the frontend app can be accessed only if you set up a secure login for the frontend app. These features are hidden without a secure login. For more information, see Set up a secure login.

notifications

To allow Portal users to self-service API credentials, the Portal admin must set up credential management in the portal frontend. For more information, see Set up credential management for APIs.

You can choose between the following credential types to gain access to your apps. Note that the type of credential that you need to use is dependant on the auth method that the Portal admin set up for the API product.

API keys
OAuth client

API keys

You can create API keys in the Portal frontend app to access the API product that you are subscribed to.

The following restrictions apply:

API keys are connected to an app that is owned by a team.
API keys can be created by authorized Portal users only. Portal admins cannot create API keys in the Portal frontend.
The API key value is shown only at creation time and cannot be retrieved afterwards.
Members of the team can delete API keys.
API keys that are created via the frontend app are valid only if the Portal admin set up a corresponding AuthConfig that allows API key authentication for the selected API. For more information, see API keys.

Create API keys

Log in to the frontend app as a Portal user.
In the frontend app, go to Apps.
Find the app that you created in the list of apps.
Click DETAILS.
In the API Keys section, click ADD API KEY.
Enter a name for the API key and click ADD API KEY.
Copy the API key that is displayed to you and save it in a secure location. The API key can be used to securely access the API products you are subscribed to. For more information, see View and test APIs.

Remove API keys

Log in to the frontend app as a Portal user.
In the frontend app, go to Apps.
Find the app that you created in the list of apps.
Click DETAILS.
Find the API key that you want to remove and click Delete.

OAuth clients

You can create OAuth credentials through the portal frontend. This way, you do not need to request access to the backing OpenID Connect (OIDC) Identity Provider (IdP) that is set up to protect the APIs in the portal.

Before you begin, the Portal admin must Set up OAuth for credential management. This step includes deploying the IdP Connect server, that creates the OAuth client in the IdP for you.

Create OAuth clients

In your browser, open the portal frontend app, such as http://portal.example.com/ and log in as a Portal user.
If you have not already, create a Team and App.
From the menu bar, click Apps and find the app that you want to create credentials for in the list of apps.
In the Authentication > OAuth Client section, click Create OAuth Client.
In the confirmation popup window, click Create an OAuth client.
When the client is created, copy both the Client ID and Client Secret that are shown. Note that the client secret is never stored in the backing database. Additionally, this secret is shown to you only once at creation time, so keep this secret to make future requests to the ApiProducts in the Portal.
Save the client ID and secret in OAUTH_CLIENT and OAUTH_SECRET environment variables.
```
  export OAUTH_CLIENT=<client_id>
export OAUTH_SECRET=<client_secret>
  
```

Generate an access token using the client ID and secret, and save it in the APP_TOKEN environment variable. Update the values in this command as needed for your own IdP details. You might need to ask your Portal admin to provide the command to request an access token from the IdP. The following example uses Keycloak.

  export APP_TOKEN=$(curl -X POST -Ssm 10 --fail-with-body \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=${OAUTH_CLIENT}" \
  -d "client_secret=${OAUTH_SECRET}" \
  -d "grant_type=client_credentials" \
  "$KEYCLOAK_URL/realms/$KEYCLOAK_REALM/protocol/openid-connect/token" |
  jq -r .access_token)

echo export APP_TOKEN=${APP_TOKEN}

Test access to your app by including the access token that you just created as part of the Authorization: Bearer <access_token> header. For example, this command sends a request to the Tracks sample app. Verify that you get back a 200 success status code.
HTTP HTTPS Port-forward for local testing
```
  curl -vik http://api.tracks.com/tracks -H "Authorization: Bearer $APP_TOKEN"
  
```
```
  curl -vik https://api.tracks.com/tracks -H "Authorization: Bearer $APP_TOKEN"
  
```
```
  curl -vik localhost:8080/tracks -h "host: api.tracks.com" -H "Authorization: Bearer $APP_TOKEN"
  
```
Example output:
```
  HTTP/1.1 200 OK
  
```
Optional: Let your Portal admin know the client ID of the OAuth credentials that you created. The Portal admin can log in to the IdP and confirm that the client is created. The Portal admin can also view the client secret in the IdP, in case you forgot to copy or misplaced the secret.

Remove OAuth clients

In your browser, open the portal frontend app, such as http://portal.example.com/ and log in as a Portal user.
In the frontend app, go to Apps.
Find the app that you created in the list of apps.
Click DETAILS.
In the Authentication > OAuth Client section, click Delete.
Optional: Let your Portal admin know that you deleted the OAuth client ID. The Portal admin can log in to the IdP and confirm that the client is deleted from the IdP.

Create API credentials

API keys link

Create API keys link

Remove API keys link

OAuth clients link

Create OAuth clients link

Remove OAuth clients link