API configuration
Configure API access
The Token Server offers several APIs to integrate Token Server processes with existing systems. Access to the APIs is managed via API clients. For every API client, a client ID and its authentication method must be configured. For now only client secret basic and private key JWT are supported.
The API clients can be configured in the admin console: Configuration > System > API clients.
For each API client you can specify which API(s) it may access. This makes it possible to give external systems that use the Token Server APIs access to only a certain function. Currently access can be granted to the following APIs:
- Admin API
- Config API
- End user
- Events API
- Insights: communication between Onegini Insights and the Token Server to retrieve statistics data.
- Mobile authentication
- Payload encryption policy: communication between the Onegini Security Proxy and the Token Server to exchange payload encryption settings.
- Token introspection
- User registration
On top of basic authentication via API clients, we advise creating an IP whitelist for the /oauth/api endpoint, so that only selected machines in the corporate network have access to these APIs.
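One way to apply such a whitelist, shown as an added example that is not part of the product documentation: an nginx reverse proxy placed in front of the Token Server that restricts /oauth/api by source address. That nginx fronts the Token Server at all, the host name, certificate paths, backend address and every IP range below are assumptions and constructed placeholders.

```nginx
# Added example, not from the Token Server documentation.
# All addresses, names and paths are constructed placeholders.

upstream token_server {
    server 10.0.10.20:8080;                  # hypothetical Token Server backend
}

server {
    listen 443 ssl;
    server_name tokenserver.example.com;     # placeholder host name
    ssl_certificate     /etc/nginx/tls/tokenserver.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/tokenserver.key;   # placeholder path

    # If a load balancer sits in front of nginx, the peer address is always the
    # load balancer, so the whitelist would match nothing useful. Restore the
    # real client address, but trust X-Forwarded-For only when the request
    # comes from that load balancer; otherwise a caller could forge the header.
    # Requires ngx_http_realip_module.
    set_real_ip_from  10.0.0.5;              # hypothetical load balancer
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;

    # "^~" stops nginx from evaluating regex locations for this prefix, so a
    # regex location added later cannot take over these requests and skip
    # the whitelist.
    location ^~ /oauth/api {
        allow 10.0.20.15;                    # constructed: integration host
        allow 10.0.30.0/28;                  # constructed: back-office subnet
        deny  all;                           # every other source gets 403

        proxy_pass http://token_server;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # All other Token Server paths stay reachable as before.
    location / {
        proxy_pass http://token_server;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The whitelist complements the API client credentials: a request must come from a listed address and still authenticate with its client ID.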