API configuration

Configure API access

The Token Server offers several APIs to integrate Token Server processes with existing systems. Access to the APIs can be managed via API clients. For every API client we need to configure client ID and his authentication method. For now only client secret basic and private key JWT are supported.

The API clients can be configured in the admin console: Configuration > System > API clients.

api configuration

Per API client can be specified which API(s) can be accessed. This gives the opportunity to provide external systems using the Token Server APIs only access to a certain function. Currently the access can be granted to the following APIs:

On top of basic authentication via API clients we advise to create an IP white list for the /oauth/api endpoint, so only selected machines in the corporate network have access to these APIs.