Smart Docs Authentication

We have an interesting use case for dev portal Smart Docs that I wanted to bounce upon with you both. We have this current draft documentation to our APIs here:

http://developer.plantronics.com/plantronics-partner-api/apis

We enforce API key auth for 3party partners. But, we have another use case which is our direct customers. We want them to be able to interact with the api and get access to their data through smart docs. But, in this case they should be able to do it without api key pattern. Is there a way to achieve this with some form of authentication? Does dev portal allow oauth authentication into it through some form of special credentials set up before? They will be logging from our cloud application.

------------------------------

----------------------------------------------

Solved Solved
0 7 331
1 ACCEPTED SOLUTION

@manojramakrishnan ,

Yes, We do support it. What you are looking for is SmartDocs support for 3 Legged - OAuth2.0. Find detailed documentation here that explains how to do this kind of smartdocs.

Just create another SmartDoc model that says "Plantronics Direct Customers APIs" that has APIs with oAuth2.0 - 3 legged oAuth Authentication support.

For Example, See oAuth2.0 enabled smartdocs in action here.

4744-open-bank-api-portal-account-information.png

Hope it helps. Keep us posted moving forward if any.

View solution in original post

7 REPLIES 7

@manojramakrishnan ,

Need some clarifications,

  • Above link doesn't work, Errors out with Page not found. Is it protected from anonymous access / internal only ?
  • Yes, Apigee Smartdocs does support OAuth 2.0 - 3 legged Oauth. For more details please refer our docs here (Configuring OAuth 2.0 authentication).

Above question is not very clear. Any detailed explanation will help. Keep us posted.

Thanks; Here is the link : http://developer.plantronics.com/plantronics-partner-api/apis

I will look at the oauth for Smart Docs. I will write something clearer later.

As an analogy:

I have data in Google drive, gmail, calendar, contacts…

Option 1: an app developer can sign up as a Google developer, get an app key, develop an app, etc. When someone runs that app, the app can ask for permission to access data provided by the APIs. The owner of that data can then grant permissions to the app to access their data.

Option 2: Using google API explorer, with *no Google developer account*, I can authenticate with my credentials and access my personal data.

Option 2 is the one we’d like to understand more. In this case the API documentation, developer portal, and API UX is Apigee, but they are not registered developers.

See: https://developers.google.com/apis-explorer/

@manojramakrishnan ,

Yes, We do support it. What you are looking for is SmartDocs support for 3 Legged - OAuth2.0. Find detailed documentation here that explains how to do this kind of smartdocs.

Just create another SmartDoc model that says "Plantronics Direct Customers APIs" that has APIs with oAuth2.0 - 3 legged oAuth Authentication support.

For Example, See oAuth2.0 enabled smartdocs in action here.

4744-open-bank-api-portal-account-information.png

Hope it helps. Keep us posted moving forward if any.

@Anil Sagar A follow up question after looking at OAuth2 documentation is when I configure Security scheme, I am seeing only screen-shot-2017-04-27-at-112804-am.png Auth code even though the example show password authorization. Not seeing password client credentials. Any idea if this grant type is supported ?

@manojramakrishnan , yes, We support password client credentials. For more information please refer Apigee Docs. Above screenshot is giving 404 not found. Please reattach!

Here is the screenshot link. https://community.apigee.com/storage/temp/4750-screen-shot-2017-04-27-at-112804-am.png

The documentation says

  1. Select OAuth 2.0 as the Type.
  2. Set the Grant Type.

But, the options that I see are only Authorization code.screen-shot-2017-04-27-at-112804-am.png