Apigee OAuth 2 OpenAPI Spec?

tmcdevitt · 03-13-2019 11:54 AM

We've got an Apigee proxy set up with a supporting OpenAPI spec. This proxy utilizes Apigee's OAuth 2 client credentials option for security.

We've also got our dev portal set up with an API Product whose documentation is coming from our OpenAPI spec.

What's missing in the documentation are the OAuth endpoints and the details behind them. Given that it's OAuth 2, we could certainly point developers in our portal to documentation on the web that details the endpoints but it sure would be nice if they could see that documentation "in line" with our documentation.

So, is there an official OpenAPI spec for Apigee's OAuth 2 implementation?

Additionally, if there is a spec, what's the best way to incorporate it into our Apigee Edge dev portal? From what I can see, we'd likely need to append the OAuth OpenAPI spec to our OpenAPI spec such that the portal will pick it up. It doesn't look like we can generate an API Product's documentation from multiple specs (I know that wouldn't normally make sense but in this case, I feel like it does).

Thanks

madhans

The security definitions in Open API Spec v3.0 have very clear OAuth support and the portal provides the necessary "authorize" capability out of the box.

The common approach I see many Apigee users follow is to have a separate "Authentication" page that talks about OAuth flows supported and in general this is a great content in "Getting Started" guide where you talk about app signup and getting hold of client id and secret.

For example this one

https://developer.abnamro.com/get-started

Having a token endpoint documented separately in each API Product will mislead visitors to ignore the "authorize" feature built in the page itself.