|
| 1 | + |
| 2 | += Creating Client Applications with Connected Apps |
| 3 | +ifndef::env-site,env-github[] |
| 4 | +include::_attributes.adoc[] |
| 5 | +endif::[] |
| 6 | +:keywords: grant access, api, contracts |
| 7 | + |
| 8 | + |
| 9 | +For automation use cases, you can use Connected Apps to create and manage client applications. |
| 10 | + |
| 11 | +Connected Apps help users delegate their access without sharing sensitive credentials or giving full control of their applications to third parties. Actions taken by connected apps are audited, and users can revoke access at any time. |
| 12 | + |
| 13 | + |
| 14 | +== Creating a Connected App |
| 15 | + |
| 16 | +To create a Connected App, see xref:access-management::connected-apps-developers.adoc[]. |
| 17 | + |
| 18 | +When you create the Connected App to manage client applications, ensure that you: |
| 19 | + |
| 20 | +. Select *App acts on its own behalf (client credentials)* for *Type*. |
| 21 | +. Add the *Application Creator* scope. |
| 22 | + |
| 23 | +image::connected-app-client-apps.png[Screenshot calling out the location of App acts on its own behalf (client credentials) and Application Creator] |
| 24 | + |
| 25 | +[calloutlist] |
| 26 | +. *App acts on its own behalf (client credentials)* type |
| 27 | +. *Add Scopes* button to add *Application Creator* scope |
| 28 | + |
| 29 | +The new Connected App can now create client applications and manage the client applications that it creates. |
| 30 | + |
| 31 | + |
| 32 | +== Client Application Management |
| 33 | + |
| 34 | +When a Connected App creates a client application, the owner of the Connected App is the owner of the new client application. The owner can add additional users as owners by using API Manager. |
| 35 | + |
| 36 | +The Connected App can manage the client application it created, and can perform the following actions: |
| 37 | + |
| 38 | +* Add users as client application owners |
| 39 | +* Request access to an API instance |
| 40 | +* Request a tier change |
| 41 | +* Reset a client applications secret |
| 42 | + |
| 43 | +You cannot add a Connected App as an owner of a client application. Connected Apps can only manage the client applications they create. |
| 44 | + |
| 45 | +== Creating a Client Application with the API Manager API |
| 46 | + |
| 47 | +After creating your Connected App, you can make requests to the API Manager API to create and manage client applications. |
| 48 | + |
| 49 | +This section only demonstrates how to create a client application. For more information about the API Manager API requests to manage client applications, see https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/api-manager-api/[API Manager API Documentation^]. |
| 50 | + |
| 51 | +To create a client application with the API Manager API: |
| 52 | + |
| 53 | +. Collect the following information to obtain your Authorization Token: |
| 54 | + |
| 55 | +* `<connected-app-client-id>`: *Id* of your connected app |
| 56 | +* `<connected-app-client-secret>`: *Secret* of your connected app |
| 57 | + |
| 58 | +. Execute the following request to obtain your Authorization Token after replacing the placeholders with the following: |
| 59 | ++ |
| 60 | +[source,ssh] |
| 61 | +---- |
| 62 | +curl --location --request POST 'https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token' \ |
| 63 | +--header 'Content-Type: application/json' \ |
| 64 | +--data-raw '{ |
| 65 | + "grant_type": "client_credentials", |
| 66 | + "client_id": "<connected-app-client-id>", |
| 67 | + "client_secret": "<connected-app-client-secret>" |
| 68 | +}' |
| 69 | +---- |
| 70 | + |
| 71 | +. Collect the following information to create your client application: |
| 72 | + |
| 73 | +* `<your-org-id>`: *Organization ID* for the organization where you want to create the connected app |
| 74 | +* `<instance-id>`: API instance ID of the API instance you are creating a client application for |
| 75 | +* Client Application parameters: |
| 76 | +** `name`: Name of the application |
| 77 | +** `description`: Description of the application |
| 78 | +** `url`: URL of the application |
| 79 | +** `redirectURI`: An array of redirect Uris |
| 80 | +** `grantTypes`: An array of Grant Types, for example: `"password"`, `"implicit"`, `"client_credentials"`, `"authorization_code"`, and `"refresh_token"` |
| 81 | +** `apiEndpoints`: “true” or “false” value indicating whether to automatically register the redirect URIs. |
| 82 | + |
| 83 | +. Execute the following request to create your client application after replacing the placeholders with the following: |
| 84 | ++ |
| 85 | +[source,ssh] |
| 86 | +---- |
| 87 | +curl --X POST 'https://anypoint.mulesoft.com/apiplatform/repository/v2/organizations/<your-org-id>/applications?apiVersionId=<instance-id>' \ |
| 88 | +--header 'Authorization: bearer <anypoint_token>' \ |
| 89 | +--header 'Content-Type: application/json' \ |
| 90 | +--data '{ |
| 91 | + "redirectUri": ["http://example.com/"], |
| 92 | + "apiEndpoints": false, |
| 93 | + "name": "Sample Client Apps Name", |
| 94 | + "description": "Create this App for Sample Client Apps via API 1", |
| 95 | + "url": "https://www.example.com/app-test1" |
| 96 | +} ' |
| 97 | +---- |
| 98 | + |
| 99 | + |
| 100 | + |
| 101 | +== See Also |
| 102 | + |
| 103 | +* xref:exchange::to-request-access.adoc[Request Access to API Instances from Exchange] |
| 104 | +* xref:remove-client-app-latest-task.adoc[Remove API Instance Contracts] |
| 105 | +* xref:access-client-app-id-task.adoc[Obtain Client ID and Client Secret Credentials of a Client Application] |
0 commit comments