Configuring OAuth 2.0 Clients for API Access

Updated
  • Updated on Aug 12, 2025
  • Published on Jul 23, 2025
  • 2 minute(s) read
  • AH
  • Jonathan Poole
  • Kevin Lidstone
 Prev
On-Premise Customers

This configuration is for private environments as it supports modern OAuth2/OIDC standards, service accounts, MFA, and audit logging. For Saas/Cloud Tenants continue with CAS until a self-hosted version is supported. See: Intro to REST APIs.

OAuth 2.0

In order to authenticate as an API client with Provider Connectivity Assurance, users can use OAuth 2.0. In this guide, we will explain how to configure Postman to use OAuth 2.0 authentication.

Requirements

  • Have Postman installed on your PC
  • Have a valid Organization Owner account for your instance of Provider Connectivity Assurance. For example, the default admin user for the deployment.

Step 1: Create a Request in Postman

  1. Enter your request URL in Postman.
    In this example, we will perform a call to retrieve connector configs: GET /api/v2/connector-configs.

  2. Enter the tenant domain as appropriate for your Provider Connectivity Assurance deployment.
    Note: Sending the request will result in a 401 response from Provider Connectivity Assurance.

image.png

Step 2: Select OAuth 2.0

  1. From the Authorization tab for the request, set the Type to OAuth 2.0.

image.png

Step 3: Obtain Client ID from the Identity and Access Management Service

  1. Log in to your deployment's identity and access management service at: https://auth.{{domain-name}} if your deployment is configured with a domain name or https://{{ip}}:3443 if it is not.

  2. Navigate to the tenant organization.
    Note: In this example the organization is named pca.
    image.png

  3. From the Projects tab, select the Analytics project.
    image.png

  4. Choose the AnalyticsUI User Agent Application.
    image.png

  5. From the top-right corner of the screen, copy the Client Id.
    image.png

Step 4: Enter the Required Configuration

  1. Enter the following values for the Oauth 2.0 configuration:

Note: In this example, the domain name configured for the deployment is npi.npav.accedian.net and the tenant is pca.

Field Value
Token Name My Token
Grant Type Authorization Code (With PKCE)
Callback URL https://pca.npi.npav.accedian.net/login
Auth URL https://auth.npi.npav.accedian.net:443/oauth/v2/authorize
Access Token URL https://auth.npi.npav.accedian.net:443/oauth/v2/token
Client ID {Copied Client ID from Step 3}
Client Secret empty
Code Challenge Method SHA-256
Code Verifier empty
Scope openid email profile
State empty
Client Authentication Send as Basic Auth header

Step 5: Obtain an Access Token

  1. Click the Get New Access Token button.
    A window will appear asking you to log in.

  2. Log in using your API user's credentials.

  3. Click the use Token button.

Step 6: Send the Request

  1. Send the request.
    You will now be authenticated.

image.png

© 2025 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks