Enabling OAuth - BlueCat Integrity - 9.3.0

Address Manager API Guide

Product name
BlueCat Integrity

Enabling OAuth secures the Address Manager API through the use of access tokens issued by the authorization server. An access token represents the authorization of an API client to access the Address Manager API. Once you enable OAuth in Address Manager, you must also enable OAuth on the API client. For example, if you are using BlueCat Gateway, you must update its workflows and endpoints to use OAuth for access to the Address Manager API. Automated scripts must also be updated to use OAuth. For more information, refer to OAuth API Authorization in the Address Manager Administration Guide.

Read-only API sessions with OAuth

If you are logging in using a read-only API session, you must add an additional secondary_local scope value when retrieving the access token from the OAuth server. The secondary_local scope ensures that the you are initiating a read-only session and must be set for tokens that will be used to send supported API requests to the Secondary Address Manager. The following example shows the body content of a read-only API session when retrieving the access token from the OAuth server:
client_id : <client id>
client_secret: <client secret>
grant_type: password
username: <username>
password: <password>
scope: "openid profile email groups secondary_local"

For more information on read-only API sessions and a list of APIs that support read-only sessions, refer to Read-only API sessions.