API consumed by 3rd Party App

If we have use-case where list of API is consumed only by Third party APP/ 3rd party Developer then how do the API registration and exposure is managed ? Is this similar way a User login to Portal and getting the Key/Secret ?

Or Does this require diff Tenant for diff 3rd Party APP (to consume same API)? what’s the best practices when exposing the API to 3rd Party APP ?


If you have the reference to link or docs on same from Design/connectivity/security/management perspective when multiple 3rd Party App consuming API will help : example of Use case from Inseparability (Healthcare from Patient Access API perspective) but this may be similar for other industry as well..
The part indicated is not about registering the 3rd Part App with API gateway but the consumption/design view from 3rd Party pp to API in Gateway
0 1 152
1 REPLY 1

Not applicable

for the third-party app, it is suggested to use the Authorization code grant type.

yes, the process of getting the client id and secret is the same. Only the flows will change.

first the app will forward to the authentication server for the authentication of user. Then it will take the consent of the user to get the resource information. Now the user will get a code. In the next call to the Authentication server the code will be sent in the request to get the access token and then the actual call will happen to get the token validated and response is retuned back.

It is three legged oauth.