Do we really need to mandate X-IBM-Client-ID header while exposing OAuth authorize and token endpoints via IBM API Connect product?

2


0

Those are used in administrative calls like /issued (not for regular calls like /token). You need special client credentials that were created by the provider organization (inside API Manager), and they will accompany, in the request, a client ID to query (which permissions were given to a certain client by a certain resource owner).

0

We have different grant types for OAuth-based APIs. This IBM documentation may help you understand the different types.

If the API is designed to be confidential or public, the consumer needs to provide the client ID and client secret of the subscribed application.

We have three types of OAuth flows in API Connect:

  1. Application flow (requires client ID and client secret - mandatory)
  2. Password flow (requires client ID - mandatory)
  3. Access code flow (not mandatory)