Send Docs Feedback

Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Obtaining client credentials

This topic shows you how to obtain client credentials (also called developer keys) for development and testing purposes using an out-of-the-box developer app and product. For production situations, the steps are similar, however you would use your own developer apps, products, and other entities.

What are client credentials?

To participate in any OAuth 2.0 flow, all client apps must be registered with Apigee Edge (the authorization server). When you register your app, you will be assigned two keys: the Consumer ID and Consumer Secret. The Consumer ID is a public key and Consumer Secret must never be made public. These client credential keys allow Apigee Edge to uniquely identify the client app.

Terminology: The IETF OAuth 2.0 specification refers to client credentials as the client identifier and client secret. The Apigee Edge management UI refers to them as the Consumer ID and the Consumer Secret. These terms are synonymous. 

Quick steps

These quick steps show you how to obtain developer keys for one of the out-of-the-box apps that are configured when you created your Apigee Edge organization. You can use these keys mainly for development and testing: 

  1. Log in to your Apigee Edge account.
  2. Select Publish > Developer Apps to open the Developer Apps overview page. 
  3. Click Weather App to open the Weather App overview page. Notice that the developer associated with the app is Nicolai Tesla. This app and developer were provisioned by default when your organization was created. All developer apps must have a developer associated with them. 
  4. In the Products section, next to the Premium Weather API product, click Show to expose the Consumer ID and Consumer Secret values.
  5. Copy and save those two values -- you will need to use them later to make API calls to obtain access tokens.
It's important to be sure that the product associated with the keys is enabled for the same environment where the API you are securing is deployed. If not, you will receive this error when the access token is validated: Invalid API call as no apiproduct match found. For more information, see this helpful article on the Apigee Community

Getting client credentials with Edge APIs

You can also obtain the consumer key and secret for an app by calling the management API. First, get the list of apps in your organization by making the following API call:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps \
-u email:password 

This call returns a list of apps by app ID.

[ "da496fae-2a04-4a5c-b2d0-709278a6f9db", "50e3e831-175b-4a05-8fb6-05a54701af6e" ]

You can retrieve an app's profile by making a simple GET call on the app ID:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps/{app_id} \
-u email:password 

例:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps/da496fae-2a04-4a5c-b2d0-709278a6f9db \
-u email:password 

The API call returns the profile of the app you specified. For example, an app profile for weatherapp has the following JSON representation:

{
  "accessType" : "read",
  "apiProducts" : [ ],
  "appFamily" : "default",
  "appId" : "da496fae-2a04-4a5c-b2d0-70928a6f9db",
  "attributes" : [ ],
  "callbackUrl" : "http://weatherapp.com",
  "createdAt" : 1380290158713,
  "createdBy" : "noreply_admin@apigee.com",
  "credentials" : [ {
    "apiProducts" : [ {
      "apiproduct" : "PremiumWeatherAPI",
      "status" : "approved"
    } ],
    "attributes" : [ ],
    "consumerKey" : "bBGAQrXgivA9lKu7NMPyYpVKNhGar6K",
    "consumerSecret" : "hAr4Gn0gA9vyvI4",
    "expiresAt" : -1,
    "issuedAt" : 1380290161417,
    "scopes" : [ ],
    "status" : "approved"
  } ],
  "developerId" : "5w95xGkpnjzDBT4",
  "lastModifiedAt" : 1380290158713,
  "lastModifiedBy" : "noreply_admin@apigee.com",
  "name" : "weatherapp",
  "scopes" : [ ],
  "status" : "approved"
}

Note the values for consumerKey and consumerSecret.

Deeper dive

For a more detailed discussion of app registration and key management, see Register apps and manage API keys.

Help or comments?