Application Keys¶
An API Access Token/Key is a string that is being passed as an HTTP header of an API request. WSO2 APIM provides OAuth2.0 bearer token-based authentication for API access and the API key has to be submitted alongside the API request in order to authenticate the access.
When an Application Developer registers an Application in the Developer Portal, a consumer-key and consumer-secret pair is generated, which represents the credentials of the Application that is being registered. The consumer-key becomes the unique identifier of the Application, similar to a user's username, and is used to authenticate the application/user. When an API key or an API access token is issued for the Application, it is issued against the latter mentioned consumer-key. When sending an API request, the access token has to be passed as the Authorization HTTP header value.
Example:
Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a
Generate application keys¶
Follow the instructions below to generate/renew application keys:
-
Sign in to WSO2 API Developer Portal (
https://<hostname>:9443/devportal
). -
Click Applications to navigate to the applications listing page and click on the respective application for which you want to generate keys.
-
Click Production Keys and click Generate Keys to create an application access token.
The access token will be generated along with the application consumer key and secret.
After the keys are generated, you can find the consumer key and consumer secret pair via the application details page.
Tip
When you generate access tokens for APIs that are protected by scopes, you can select the respective scopes and thereafter, generate the token for it.
Generate application keys using Okta Key Manager¶
Follow the instructions below to generate keys using the Okta Key Manager:
Let's assume that you are working in a production environment.
-
Sign in to WSO2 API Developer Portal (
https://<hostname>:9443/devportal
). -
Click Production Keys and then click Okta.
-
Click Generate Keys to create an application access token.
Info
For more information on the client application properties that need to be set, see the Okta documentation.
Note
If you need an Access Token with scopes, make sure that you have created the scopes in advance on the Okta side.
Generate application keys using Keycloak Key Manager¶
Follow the instructions below to generate keys using the Keycloak Key Manager:
-
Sign in to WSO2 API Developer Portal (
https://<hostname>:9443/devportal
). -
Click Production Keys and then click Keycloak.
-
Click Generate Keys to create an application access token.