This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

OAuth Best Practice: How to get access token from external Target Endpoint (yelp) via client_credentials

Posted on 10-08-2016 11:53 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I am defining an API Proxy and am confused about the best way to get an access_token, and use it with an external target. My API flow looks like this

client -> edgeApiProxy -> yelp

Authentication between client and Apigee Edge is out of scope of this question.

My API Proxy is the client for the request to Yelp, and Yelp will require me to get an access token via the client_credentials grant type. It seems I can do this with a service callout policy and just cache the token until it expires. Is this the best way to retrieve the token and use it when making calls to Yelp or other OAuth protected external resources? Looking at the OAuth policies in Apigee they all seem to be related to Edge being the authorization server and/or resource owner.

Thank you

Solved Solved
1 6 2,619
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
zubermohammad
Silver 3
Silver 3
Reply posted on --/--/---- --:-- AM

Hi @Kd Ford,

Generally for handling tokens of target systems we use a populate cache and lookup cache policy combination.

Where first you do a service callout to get the token and populate the cache with token with token expiry time as cache expiry time.

Then when you receive a request for a protected resource just do a lookup on cache for the token if the lookup fails then do service callout to fetch new token and populate cache again.

This is explained in detail in answer here

View solution in original post

Jump to Solution
6 REPLIES 6