This configuration is for private environments as it supports modern OAuth2/OIDC standards, service accounts, MFA, and audit logging. For Saas/Cloud Tenants continue with CAS until a self-hosted version is supported. See: Intro to REST APIs
OAuth 2.0
In order to authenticate as an API client with Provider Connectivity Assurance, users can use OAuth 2.0. In this guide, we will explain how to configure Postman to use OAuth 2.0 authentication.
Requirements
- Have Postman installed on your PC
- Have a valid Organization Owner account for your instance of Provider Connectivity Assurance. For example, the default admin user for the deployment.
Step 1: Create a Request in Postman
-
Enter your request URL in Postman.
In this example, we will perform a call to retrieve connector configs:GET /api/v2/connector-configs
. -
Enter the tenant domain as appropriate for your deployment of Provider Connectivity Assurance.
Note: Sending the request will result in a 401 response from Provider Connectivity Assurance.
Step 2: Select OAuth 2.0
- From the Authorization tab for the request, set the
Type
to OAuth 2.0.
Step 3: Obtain Client ID from the Identity and Access Management Service
-
Login to your deployment's identity and access management service at: https://auth.{{domain-name}} if your deployment is configured with a domain name or https://{{ip}}:3443 if it is not.
-
Navigate to the tenant organization. Note that in this example that organization is named
pca
.
-
From the projects tab, choose the Analytics project.
-
Choose the AnalyticsUI User Agent Application.
-
From the top right corner of the screen, copy the Client Id
Step 4: Enter the Required Configuration
- Enter the following values for the Oauth 2.0 configuration:
Note that in this example, the domain name configured for the deployment is npi.npav.accedian.net
and the tenant is pca
.
Field | Value |
---|---|
Token Name | My Token |
Grant Type | Authorization Code (With PKCE) |
Callback URL | https://pca.npi.npav.accedian.net/login |
Auth URL | https://auth.npi.npav.accedian.net:443/oauth/v2/authorize |
Access Token URL | https://auth.npi.npav.accedian.net:443/oauth/v2/token |
Client ID | {Copied Client ID from Step 3} |
Client Secret | empty |
Code Challenge Method | SHA-256 |
Code Verifier | empty |
Scope | openid email profile |
State | empty |
Client Authentication | Send as Basic Auth header |
Step 5: Obtain an Access Token
- Press the Get New Access Token button
A window will popup asking you to login. - Login using your API user's credentials.
- Press the use token button.
Step 6: Send the Request
- Send the request
You will now be authenticated