Skip to content

getting-an-application-access-token-6391b5d.md

Latest commit

 

History

History
470 lines (292 loc) · 7.22 KB

getting-an-application-access-token-6391b5d.md

File metadata and controls

470 lines (292 loc) · 7.22 KB

Getting an Application Access Token

Use this API to get the application access token from the SAP Software-as-a-Service Provisioning service instance.

Prerequisites

You've registered your multitenant application to the SAP SaaS Provisioning service.

For more information, see Register the Multitenant Application to the SAP SaaS Provisioning Service.

Obtaining API Request Parameters

To get the token, you call the API with the parameters obtained from the service binding object you created during the registration of your multitenant application to the SAP SaaS Provisioning service.

Use the following cf CLI command to get the service binding object:

cf env <APP_NAME>

See the step 3 in the Register the Multitenant Application to the SAP SaaS Provisioning Service to find the <APP_NAME>.

The example of the binding object you get after executing the cf CLI command, with the needed values for the API (clientid, clientsecret, and url) marked in bold:

Sample Code:

"saas-registry": [
{
"credentials": {
"apiurl": "https://api.authenticat********avlab.ondemand.com",
"appName": "sample-saas-ap********-45",
"appUrls": "{\"getDependencies\":\"http**********.cf.stag**":0}",
"clientid": "sb-sample-saas-*********************-broker!b4",
"clientsecret": "riH*************0=",
"description": "Sample multitenant application",
"display_name": "Sample multitenant application",
"identityzone": "cfs******44",
"saas_registry_url": "https://saa********ab.ondemand.com",
"sburl": "https://internal-xsu********ndemand.com",
"subaccountid": "3358efc9-*********10b456",
"tenantid": "34584*******711",
"url": "https://cfs-3035-7**********avlab.ondemand.com",
"xsappname": "sample-saa******istry-broker!b4",
"zoneid": "34584*******f499711"
},
"instance_name": "saas-app-saas-registry",
"label": "saas-registry",
"name": "saas-app-saas-registry",
"plan": "application",
}
]

The token you get after executing the API is a JSON Web Token (JWT).

For more information, see JSON Web Token (JWT).

You use this token to manage the SAP SaaS Provisioning service APIs.

Restriction:

Only the POST method is supported.

Request

URI: <THE URL OBTAINED FROM THE BINDING OBJECT "URL" FIELD>/oauth/token

HTTP Method: POST

Request Headers

Header

Required

Values

Content-Type

Yes

<application/x-www-form-urlencoded>

Authorization

Yes

Basic <encodedString> where <encodedString> is the result of base64 encoding the OAuth client's values as clientId:clientSecret that you obtained from the binding object as described in the previous section.

For more information about the base64 encoding, see Base64

Request Parameters

Parameter

Required

Data Type

Description

Parameter Type

grant_type

Yes

String

The type of the authorization that is supported by the authorization server.

Set it to client_credentials.

Authorization protocol

client_id

No

String

The ID of the client associated with the SaaS Provisioning service instance.

Obtained from the service binding object. See the section Obtaining API Request Parameters of this document for details.

Relative URL path or JavaScript source code

Request Example (curl for Mac OS)

Sample Code:

curl --location --request POST '<url>/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <base64.encoded(client_id:client_secret)>' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'grant_type=client_credentials'

Request Example (curl for Windows OS)

Sample Code:

curl --location --request POST "<url>/oauth/token" ^
--header "Content-Type: application/x-www-form-urlencoded" ^
--header "Authorization: Basic <base64.encoded(client_id:client_secret)>" ^
--data-urlencode "client_id=<client_id>" ^
--data-urlencode "grant_type=client_credentials"

Response

Generates the access token for a multitenant application.

Content Type: JSON

Response Headers

Header

Values

Content-Type

<application/json;charset=UTF-8>

Response Status and Error Codes

Code

Description

200

Access token created successfully.

Response Properties

Property Name

Property Type

Description

access_token

JWT

Access token for the multitenant application.

This is the value for which you call the API

.

token_type

String

The type of access token issued.

expires_in

Number

The number of seconds until the access token expires.

scope

String

A space-delimited list of scopes that you authorized for the client.

jti

String

A globally unique identifier for JWT.

Response Example

Sample Code:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
    "access_token": "eyJ***mh0d…",
    "token_type": "bearer",
    "expires_in": 43199,
    "scope": "uaa.re***.subscription.read",
    "jti": "df6cb84439a541fab33d5b7c298debe1"
}

Related Information

Using SAP SaaS Provisioning Service APIs to Manage Multitenant Applications