OAuth Workflow



  1. Client application sends a request to the AppViewX server with a Client ID and Client Secret to get the Access Token.

    API: acctmgmt-get-service-token

    URL: http://localhost:5300/avxapi/acctmgmt-get-service-token?gwsource=web&gwkey=f000ca01

    Method: POST

    Header:

    Basic Authentication: base64(clientId:clientSecret)

    Payload:
    {
      "payload": {
        "grant_type":"client_credentials"
      }
    }
    
  2. AppViewX validates the Client ID and the Client Secret.
  3. After validating the Client ID and the Client Secret, AppViewX returns the Access Token with its expiry time. The Access Token is a JWT. The client application can decode the JWT to read all of its claims, including the token's expiry time in the exp claim.
    Response:
    {
    "response": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBcHBsaWNhdGlvbl8xIiwiYXVkIjoiYXZ4IiwiY2xpZW50SWQiOiIwZjM0ZTg0OC1mMDY5LTRjZmItODIwZS0zZGM1M2IzMDE5ZmMiLCJpc3MiOiJhdngiLCJleHAiOjE2NDMxMDc3OTQsImdyYW50IHR5cGUiOiJjbGllbnRfY3JlZGVudGlhbHMifQ.EC6my35MCUsMVC0gsylFqWVzqjgs5Js87Owf1esoano",
    "message": null,
    "appStatusCode": null,
    "tags": null,
    "headers": null
    }
    
    Access Token JWT Claims:
    {
      "sub": "Application_1",
      "aud": "avx",
      "clientId": "0f34e848-f069-4cfb-820e-3dc53b3019fc",
      "iss": "avx",
      "exp": 1643107794,
      "grant type": "client_credentials"
    }
    
  4. The client application then calls the API endpoints with the Access Token in the “token” header of each request, and AppViewX returns the API response.
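
The decoding described in step 3, as an added example that is not AppViewX code: it reads the claims from the sample Access Token shown above and decides when the client should request a new token. The function names and the 60-second renewal margin are assumptions made for this illustration.

```python
import base64
import json
import time

# Access Token copied from the sample response on this page (long expired).
SAMPLE_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJBcHBsaWNhdGlvbl8xIiwiYXVkIjoiYXZ4IiwiY2xpZW50SWQiOiIwZjM0"
    "ZTg0OC1mMDY5LTRjZmItODIwZS0zZGM1M2IzMDE5ZmMiLCJpc3MiOiJhdngiLCJleHAi"
    "OjE2NDMxMDc3OTQsImdyYW50IHR5cGUiOiJjbGllbnRfY3JlZGVudGlhbHMifQ."
    "EC6my35MCUsMVC0gsylFqWVzqjgs5Js87Owf1esoano"
)


def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature.

    The sample token is HS256-signed and the client does not hold that key,
    so these claims are only good for scheduling renewal. The server remains
    the party that decides whether the token is valid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def needs_refresh(token, now=None, skew=60):
    """True when the token has expired or expires within `skew` seconds.

    skew=60 is an assumed safety margin, not a value from the AppViewX docs.
    """
    exp = decode_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True  # no usable exp claim: request a fresh token
    current = time.time() if now is None else now
    return current >= exp - skew


if __name__ == "__main__":
    print(json.dumps(decode_claims(SAMPLE_TOKEN), indent=2))
    print("needs refresh:", needs_refresh(SAMPLE_TOKEN))
```
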

Example

Refer to the sample screenshot below.