OAuth 2.0 home

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

Welcome to the home page for OAuth 2.0 on Apigee. This landing page provides links to documentation, samples, and other resources related to using OAuth 2.0 on Apigee.

The OAuth 2.0 framework

Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee.

Learn about OAuth 2.0

This collection of resources will help you get up to speed on OAuth 2.0.

• Apigee documentation:
  • Introduction to OAuth 2.0 -- Covers basic OAuth 2.0 concepts and terms. Focuses using OAuth 2.0 on Apigee.
• Apigee training and certifications:
  • Apigee offers online training for API developers, including a course on API security, which includes OAuth 2.0.
• IETF Specification:
  • IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
• Apigee e-book:
  • OAuth the Big Picture, a free Apigee e-book.

---

Implement the grant type flows

The following topics explain how to implement the OAuth 2.0 grant types on Apigee:

• Implementing the client credentials grant type - Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
• Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
• Use the implicit grant type -- Shows how to request tokens with the implicit grant type.
• Implementing the password grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.

---

How-to topics

These topics explain how to handle common OAuth 2.0 tasks in Apigee:

• OAuth 2.0: Configuring a new API proxy
• Registering client apps
• Obtaining client credentials
• Understanding OAuth endpoints
• Get OAuth 2.0 tokens
• Customizing tokens and authorization codes
• Revoking and approving tokens
• Sending an access token
• Verifying access tokens
• Working with OAuth 2.0 scopes
• Advanced OAuth 2.0 topics
• Using JWT OAuth 2.0 tokens

OAuth 2.0 policies

These policies allow you to perform OAuth 2.0 operations in an Apigee API proxy:

• OAuthV2 policy: The heart of the Apigee OAuth 2.0 implementation. It lets you configure OAuth 2.0 operations on Apigee that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
• GetOAuthV2Info policy: Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
• SetOAuthV2Info policy: Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.

---