Creating the First Public API Client in a Tenant
To create a Public API client, follow these steps:
- In Vantage, click Configuration.
- In the Tenant Administration dialog box, click Create API Client.


- To copy each value, click the copy icon next to each one. Alternatively, click Save to File to download a TXT file containing both values.
Important! The secret value is shown only once during client creation, which means that it needs to be saved immediately.
- Click Close.
The Public API Client page appears.
Creating Additional Public API Clients
To create additional public API clients, follow these steps:
- In Vantage, click Configuration.
- In the Tenant Administration dialog box, click Public API Client.
- On the Public API Client page, click the New Client drop-down list and click Add Client.

- To copy each value, click the copy icon next to each one. Alternatively, click Save to File to download a TXT file containing both values.
Important! The secret value is shown only once during client creation, which means that it needs to be saved immediately.
- Click Close.
The Public API Client page appears.
Configuring a Public API Client
After you create a public API client, you need to configure it. To edit public API client settings, click the name of the client or search by client name or application principal roles. To configure a public API client, follow these steps:
- In the Client Name field, enter the name of the new public API client.

- To create a new secret, click Add Secret. By default, a secret is created for a period of 6 months. You can change the expiration time and set it to up to 36 months.
- To add a new redirect URL, click Add Redirect URL.
- Configure the allowed authentication flows in the OAuth 2.0 Flows Settings section.
Note: This flow does not work when an External Identity Provider is configured.
You can select more than one flow:
- Allow Authorization Code Flow. Allows authentication using this secure authentication scheme, where instead of routing the authentication request to the user, the application sends it directly to the Vantage authorization server. The authorization server then verifies the user’s credentials and provides the client with an authorization code. Authorization Code Flow is enabled for all Vantage API clients. If needed:
- Select the Require PKCE for Authorization Code Flow option. This option strengthens security when authorizing public clients. It allows Vantage to verify that the application requesting an access token is the same one that initiated the authentication.
- Allow Resource Owner Password Credentials Flow. Allows users to authenticate using their username and password. This involves the application having access to the user’s password and requires a high level of trust between the user and the application.
- Select Allow issuing refresh tokens to refresh access tokens. This option allows issuing refresh tokens for obtaining renewed access tokens. The application can request new access tokens using the refresh tokens without interacting with the user. Applications must store refresh tokens securely because they let the user stay authenticated.
- Allow client credentials flow. Allows applications to be authorized using the OAuth 2.0 Client Credentials flow, granting them access to the Vantage API. Roles assigned to the applications are determined by the Manage Roles setting below Allow client credentials flow. With the specified roles, the application will log in to Vantage.
- Configure the Token Lifetime Settings:
- Access Token. Defines the time period during which the issued access token allows user access to Vantage. The default lifetime of an access token is 24 hours.
- Refresh Token. Defines the absolute time period starting from the issuance of the first access token during which the issued refresh token can be used to renew the access token. The default lifetime of a refresh token is 30 days.
Deleting a Public API Client
To delete a client, click the icon, and then click Delete Client.
