- Will it automatically redirect to OAuth2 token url when we access the API or just error will be thrown ?
- Can there be a persistent auth token for accessing API or it will vary for every other requests to API end point ?
If you just call a secured API directly (without a token) it will throw a 401 unauthorized, you must first call the /token url, passing in the appropriate headers (grant_type, client_id, client_secret and other optional ones depending on the implementation). It will return a response like this upon successful auth:
{ "access_token": "31d9fda8-4694-427b-af57-90853907daf3", "token_type": "bearer", "expires_in": 42381 }
the access_token and token_type are concatenated and packed into the authorization header of the subsequent api calls to /some_secured_resource:
Authorization: bearer 31d9fda8-4694-427b-af57-90853907daf3
this token can be persistent for as long as the expires_in (seconds) is valid. This is why my second example of storing the token in a variable might be more useful. You can schedule a call to the token url to match the expiry, which shouldn't change.
Hello,
We had takenup this feature request. Where we will allow users to define the OAuth token at global level and utilize it for any number of monitors. This also will auto refresh itself before token expiry.
Will keep this post updated on the further progress in this feature.
Raghavan
Hi, do you guys have any date to implement this feature? Otherwise I will have to develop static token on my applications, but it's not a very safe solution.
Hello,
This is currently under development. Most probably it will release in 4-6 weeks.
We will update this thread once the feature is live.
Raghavan
Hello Fernando,
Right now, this feature is in a final stage of development and
we have planned to release before the end of this month.
Regards,
Rafee
Hello,
We've extended our support for monitoring Websites, APIs and Web Services secured by OAuth 2. You can follow this community thread to learn more about this enhancement.
Regards,
Abhiram