authentication-services-colmena
API Consumption
To consume an API, follow these steps:
- Request or generate connected app credentials (client-id and client-secret). You need these to generate a bearer token.
- Request access in Portal/Exchange to the API you want to consume, using an existing application or creating a new one. At the end you will have application credentials (client-id and client-secret).
- Generate a bearer token (using connected app credentials).
- Consume your API using the bearer token previously generated and application credentials.
Each step is described in more detail below:
Step 1
To request connected app credentials, please send a mail to:
Alternatively, if you have access to Anypoint Platform with the required permissions, you can generate your connected app credentials using the following procedure:
Step 2
Once you have access to the Anypoint Platform portal or Exchange, create an application or use an existing one to request access to the API you want to consume. Once access is granted, send the application credentials as request headers when you consume the API. The required headers are:
- client_id
- client_secret
Please don't confuse application credentials with connected app credentials.
Application credentials are used when you send a request to an API. If you try to create a bearer token with application credentials, you will get an invalid client error message.
Step 3
To generate a bearer token, you need to send a request to the following endpoint:
POST: https://authentication-services-colmena-{{env}}.us-e1.cloudhub.io/token
Don't forget to add the following headers:
- client_id
- client_secret
- grant_type: CLIENT_CREDENTIALS
{{env}} indicates the environment from which you want to get the token:
- dev: Development
- qa: Testing
- prod: Production
Step 4
Once you have all the prerequisites, prepare a request to your selected API, making sure to add the following headers:
- client_id (from application credentials)
- client_secret (from application credentials)
- Authorization: the word Bearer, a space, and the generated token
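Steps 3 and 4 as an added Python example (not code from this API or its maintainers): it keeps the connected app credentials and the application credentials in separate functions so they cannot be swapped, checks the environment name before building the token URL, and masks secrets before a request is logged. The API URL, the credential values and the `access_token` response field name are constructed placeholders or assumptions.

```python
import json
import urllib.request

ENVS = ("dev", "qa", "prod")  # environments listed on this page
TOKEN_URL = "https://authentication-services-colmena-{env}.us-e1.cloudhub.io/token"
SENSITIVE = {"client_secret", "authorization"}  # header names masked in logs

def token_request(env, connected_id, connected_secret):
    """Step 3: token request, sent with the CONNECTED APP credentials."""
    if env not in ENVS:  # never build a host name from an unchecked value
        raise ValueError(f"unknown environment: {env!r}")
    headers = {"client_id": connected_id, "client_secret": connected_secret,
               "grant_type": "CLIENT_CREDENTIALS"}
    return {"method": "POST", "url": TOKEN_URL.format(env=env), "headers": headers}

def api_request(method, url, app_id, app_secret, token):
    """Step 4: API call, sent with the APPLICATION credentials and the token."""
    if not url.startswith("https://"):  # secrets and token travel in headers
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    headers = {"client_id": app_id, "client_secret": app_secret,
               "Authorization": f"Bearer {token}"}
    return {"method": method, "url": url, "headers": headers}

def redact(spec):
    """Copy of a request spec that is safe to write to logs."""
    masked = {k: "***" if k.lower() in SENSITIVE else v
              for k, v in spec["headers"].items()}
    return {**spec, "headers": masked}

def send(spec, timeout=10):
    """Send a spec; assumes a JSON response body (format not stated on the page)."""
    req = urllib.request.Request(spec["url"], method=spec["method"],
                                 headers=spec["headers"])
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    # Constructed placeholder values; real ones come from a secret store.
    tok = token_request("dev", "connected-app-id", "connected-app-secret")
    print(redact(tok))
    # With network access: token = send(tok)["access_token"]  (field name assumed)
    api = api_request("GET", "https://api.example.invalid/orders",  # hypothetical API
                      "application-id", "application-secret", "TOKEN-PLACEHOLDER")
    print(redact(api))
```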
And that's all!
If you want to know more about this API, please continue reading.
Colmena Security Policies:
Every API deployed in the organization implements two security policies:
- Client ID enforcement
- OAuth 2.0 access token enforcement using Mule OAuth provider
Client ID enforcement
Enables you to restrict access to a protected resource. Only HTTP requests specifying client application credentials that are already registered with target APIs are approved. The policy validates the Client ID and Client Secret of a client application created within an Anypoint Platform organization.
This policy does not validate client application credentials that are generated outside of Anypoint Platform.
OAuth 2.0 access token enforcement using Mule OAuth provider
Enforces the use of an OAuth 2.0 access token issued through a Mule OAuth provider. Mule OAuth authenticates consumers and service providers using tokens instead of passwords, so a bearer token allows developers to have a more secure point of entry.
Authentication that uses a Bearer Token is also known as application-only authentication. A Bearer Token is a byte array of unspecified format that you generate using the /token endpoint of this API (authentication-api).
Another endpoint implemented in this API (authentication-api) is:
- /validateToken: Endpoint that validates bearer tokens. This endpoint is configured in API Manager when the policy is registered for the first time.
Endpoints
Endpoint to request a token.
POST: /token
Endpoint to validate the token.
POST: /validateToken
Notes
This documentation was adjusted in January 2025. Contact: epalma@fgs.co