Application Access
For an application to securely interact with Usage Engine APIs, it must first establish its identity. This identity is established and managed through Application Access.
Usage Engine uses the OAuth 2.0 protocol to authorize any access to the APIs. It supports service-to-service or machine-to-machine requests without a user context associated with the call using an authorization flow called Client Credentials.
This can be done using the Authorization
EndPoint (authentication/v1/oauth/token
) where the application will request access to a protected resource. In response, the Authorization Service grants access tokens to the client (external) application. The Usage Engine API then validates these access tokens and approves access to the protected resource. In this flow, the external application directly presents its credentials to the authorization server and receives an access token without involving a user.
By default, Usage Engine provides all the necessary scopes when creating a token.
Note!
The purpose of this scope is to follow the principle of least privilege, ensuring that an application only has access to the specific data and resources needed to complete a task.
Once an application access is created, the following set of parameters must be shared with the application that needs to access the Usage Engine APIs to be able to retrieve the authorization token, see Accessing the Usage Engine CE APIs for an example.
Parameter | Value |
---|---|
client_id | A unique identifier generated for your application. |
client_secret | A unique secret generated for your application. This is a critical parameter and you should only keep it in a safe location. The platform will only show it once during the creation of the Application Access. |
audience | The intended recipients which should accept and process the token. Use the base URL for the Environments you are accessing. |
grant_type | The OAuth grant type that will be used to generate the token. The value of this parameter must be |
The section contains of the following subsection: