Managing Partners, Applications and Developers
API Partners, API Partner Applications and Developers can self-register using the Ceptor API Developer Portal - but you can also use the Ceptor Console to administer them.
There are certain things that an API Partner itself does not have access to do, such as assigning roles, or changing client_id / client_secret to non-autogenerated values - you do this in the console.
You can also use the API to manage this - see Data Structures and API Management API for information.
Select "Partners" in the API Management Menu
This will show you a view like this:
Here, you can create new partners, applications, developers etc. and modify existing ones.
Creating a Partner
Clicking on "Create" gives you this window, where you can type in a name of the new API Partner, and a short description of it.
Once created, you get this screen:
Here, you can edit the details, add contact information, create applications and give Developers access to this application.
Let's start by adding a developer...
Registering a Developer to an API Partner
Click Add to add a Developer
Type in the developer's email address and partner role - a partner role can be:
- OWNER
An owner is able to edit data for this partner, add new applications etc. in the Ceptor API Developer Portal
- READ_ONLY
A read-only developer only has read access to this partner - he is not able to change any information when using the Ceptor API Developer Portal
An API Developer must already have registered and verified his email address in the developer portal before you can add him to an API Partner.
Roles
You can also add roles to the API Partner - a role is used in authorization checking - if an API Version has authorization settings that require a specific role, that API is only available to the API Partner if he also has that role.
API Partner Applications
Now, add an API Partner Application to your API Partner: click "Add" next to the Applications list to add a new application.
Fill in the name and description, click OK and Save the API Partner. That will update it so you now have a new application - select it to view and edit the details.
You can add developers directly to this application - when doing so, you can choose between 3 different roles:
- OWNER
An owner has full access to this application, and can edit its details in the Ceptor API Developer Portal
- DEVELOPER
A developer has limited access to the API Partner application - he can edit some details for the application, but not any authentication settings, and he cannot remove the application.
- READ_ONLY
Read-only access to this application - nothing can be changed.
The remaining settings (except for the Subscriptions) have to do with OAuth2 / OpenID Connect authentication for the API Partner Application - see JWT / OpenID Connect for more information.
When reading this documentation, note that the information listed in "Properties for OAuth2 client datastore" is not used - instead, the API Partner / API Partner Application datastore is used together with Ceptor API Management.
Confidential
Confidential clients must always provide client_secret to authenticate on calls to the token URL
Client ID / Client Secret
The Client ID and Client Secret are used for OpenID Connect and OAuth authentication - the client ID must be unique for all API Partner Applications across all API Partners. The Client Secret can be treated as a sort of password. When basic authentication is enabled on an API Version, the application's client_id and client_secret can be used to authenticate the caller.
API keys
You can also add and remove any number of API keys - an API key is unique across all API Partner applications, and can be used if API key authentication is enabled - it is a kind of password that is used to authenticate the caller.
Certificates
Here, you can paste in certificates that can be used as SSL/TLS client certificates to identify this partner application - this is especially useful in e.g. PSD2 APIs where you need to authenticate clients using TLS Client certificates.
Accesstoken type
The type of OAuth2 access token can be either UUID, or JWT - if it is a UUID, it can be used as a key - e.g. a bearer token, which is presented during authentication.
If JWT, the access token is a signed JWT (JSON Web Token) containing information about the user.
For more information about JWT / UUID and OAuth authentication, see JWT / OpenID Connect
Token name
If a non-default token should be used when creating access and/or ID tokens for this application, type the name in here - it must correspond to the configuration for the JWT / OAuth2 authentication plugin - see JWT / OpenID Connect for more information.
Redirect URIs
Here, you can specify OAuth2 redirect URIs for the application - URLs listed here are the ones that Ceptor can accept and redirect back to when doing OAuth2 authentication.
Logout URIs
List of OAuth2 Logout URIs which are allowed for this application.
Grant types
The allowed grant types that this application is limited to use - if nothing is specified, all grant types are allowed.
Scopes
Specifies which scopes the application is allowed to request - if nothing is specified, all scope values are allowed.
Access token validity (secs)
If set, this overrides the time an issued OAuth2 access token is valid for.
Refresh token validity (secs)
If set, this is the number of seconds that an OAuth2 refresh token is valid for - specifying how long it can be used to retrieve a new access token, if authorization_code grant is used to obtain it.
ID token validity (mins)
If set, this is the number of minutes that an issued ID token is valid for.
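The following Python script is an added example, not part of Ceptor's documentation or API: it reviews application records for the permissive defaults described above (empty grant types or scopes mean everything is allowed), for the client_credentials grant on a non-confidential client, and for redirect URIs that are not https or that contain a fragment. The record layout and all field names are assumptions made for illustration; map them to the actual API Partner Application data structure before use.

```python
from urllib.parse import urlsplit

# Constructed sample records. Every field name here is hypothetical and must be
# mapped to the real API Partner Application data structure.
SAMPLE_APPS = [
    {"name": "billing-backend", "confidential": True,
     "redirect_uris": ["https://billing.example.com/oauth/callback"],
     "grant_types": ["authorization_code", "refresh_token"],
     "scopes": ["openid", "invoices.read"]},
    {"name": "legacy-spa", "confidential": False,
     "redirect_uris": ["http://spa.example.com/cb",
                       "https://spa.example.com/cb#frag"],
     "grant_types": [], "scopes": []},
    {"name": "batch-job", "confidential": False, "redirect_uris": [],
     "grant_types": ["client_credentials"], "scopes": ["reports.read"]},
]

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # tolerated for local development

def audit_app(app):
    """Return a list of least-privilege findings for one application record."""
    findings = []
    grants = app.get("grant_types") or []
    if not grants:
        findings.append("grant_types empty: all grant types allowed")
    if not (app.get("scopes") or []):
        findings.append("scopes empty: all scope values allowed")
    if "client_credentials" in grants and not app.get("confidential"):
        findings.append("client_credentials allowed for a non-confidential client")
    for uri in app.get("redirect_uris") or []:
        parts = urlsplit(uri)
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect URI not https: {uri}")
        if parts.fragment:
            findings.append(f"redirect URI contains a fragment: {uri}")
    return findings

def audit_all(apps):
    """Map application name -> findings, omitting applications with none."""
    report = {app["name"]: audit_app(app) for app in apps}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_APPS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Redirect URIs using a private-use scheme for native applications are reported as "not https" as well, so review those findings rather than treating each one as an error.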
Subscriptions
Here, you can manage subscriptions from this API Partner Application to specific APIs - any API that requires subscription (assuming no authorization, roles etc. prohibits the partner from seeing them) can be subscribed to here - note that the API Developer who is OWNER of the API Manager can also manage subscriptions using the Ceptor API Developer Portal.
When subscribing, you must choose which subscription plan to use - see Securing APIs for more information about subscriptions.
API Developers
You can list, view or delete API developer information here. API developers need to self-register using the Ceptor API Developer Portal.
You can search for developers here, and view their information - viewing it shows this info:
© Ceptor ApS. All Rights Reserved.