Configuring OAuth 2.0 Clients for API Access

On-Premise Customers

This configuration is for private environments, as it supports modern OAuth2/OIDC standards, service accounts, MFA, and audit logging. For SaaS/Cloud tenants, continue with CAS until a self-hosted version is supported. See: Intro to REST APIs

OAuth 2.0

In order to authenticate as an API client with Provider Connectivity Assurance, users can use OAuth 2.0. In this guide, we will explain how to configure Postman to use OAuth 2.0 authentication.

Requirements

  • Have Postman installed on your PC.
  • Have a valid Organization Owner account for your instance of Provider Connectivity Assurance, for example the default admin user for the deployment.

Step 1: Create a Request in Postman

  1. Enter your request URL in Postman.
    In this example, we will perform a call to retrieve connector configs: GET /api/v2/connector-configs.

  2. Enter the tenant domain as appropriate for your deployment of Provider Connectivity Assurance.
    Note: Sending the request will result in a 401 response from Provider Connectivity Assurance.


Step 2: Select OAuth 2.0

  1. From the Authorization tab for the request, set the Type to OAuth 2.0.


Step 3: Obtain Client ID from the Identity and Access Management Service

  1. Log in to your deployment's identity and access management service at https://auth.{{domain-name}} if your deployment is configured with a domain name, or at https://{{ip}}:3443 if it is not.

  2. Navigate to the tenant organization. In this example, the organization is named pca.

  3. From the projects tab, choose the Analytics project.

  4. Choose the AnalyticsUI User Agent Application.

  5. From the top right corner of the screen, copy the Client ID.

Step 4: Enter the Required Configuration

  1. Enter the following values for the OAuth 2.0 configuration:

Note that in this example, the domain name configured for the deployment is npi.npav.accedian.net and the tenant is pca.

| Field | Value |
|---|---|
| Token Name | My Token |
| Grant Type | Authorization Code (With PKCE) |
| Callback URL | https://pca.npi.npav.accedian.net/login |
| Auth URL | https://auth.npi.npav.accedian.net:443/oauth/v2/authorize |
| Access Token URL | https://auth.npi.npav.accedian.net:443/oauth/v2/token |
| Client ID | {Copied Client ID from Step 3} |
| Client Secret | empty |
| Code Challenge Method | SHA-256 |
| Code Verifier | empty |
| Scope | openid email profile |
| State | empty |
| Client Authentication | Send as Basic Auth header |

Step 5: Obtain an Access Token

  1. Press the Get New Access Token button.
    A window will pop up asking you to log in.
  2. Log in using your API user's credentials.
  3. Press the Use Token button.

Step 6: Send the Request

  1. Send the request.
    You will now be authenticated.
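
The Authorization Code (With PKCE) exchange configured in Step 4, written out as an added example (not part of the original guide or the product's own code): the client keeps a random code verifier, sends only its SHA-256 challenge to the Auth URL, and presents the verifier when redeeming the code at the Access Token URL. Assumptions: CLIENT_ID is a placeholder, the state check goes beyond the table (which leaves State empty), and client_id is sent in the form body rather than in a Basic Auth header.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Values from the Step 4 table; CLIENT_ID is a placeholder for the ID copied in Step 3.
AUTH_URL = "https://auth.npi.npav.accedian.net:443/oauth/v2/authorize"
CALLBACK_URL = "https://pca.npi.npav.accedian.net/login"
SCOPE = "openid email profile"
CLIENT_ID = "REPLACE_WITH_CLIENT_ID"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    """High-entropy code verifier: 32 random bytes -> 43 URL-safe characters."""
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(verifier: str, state: str) -> str:
    """URL opened in the login window; only the challenge leaves the client."""
    return AUTH_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": SCOPE,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })

def token_request(callback: str, verifier: str, state: str) -> dict:
    """Form body for the POST to the Access Token URL, built from the redirect."""
    query = parse_qs(urlparse(callback).query)
    if not secrets.compare_digest(query.get("state", [""])[0].encode(), state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in query:
        raise ValueError("no authorization code: " + query.get("error", ["?"])[0])
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": CALLBACK_URL,
        "client_id": CLIENT_ID,  # assumption: public client, ID sent in the body
        "code_verifier": verifier,
    }
```

Because the token endpoint recomputes the challenge from the verifier, an authorization code captured from the redirect cannot be redeemed without the verifier that never left the client.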
