Get OAuth2 Access Token by End User or App ID

Resource Summary

Security

Content Type: application/x-www-form-urlencoded

Category: OAuth 2.0 Access Token

retrieveOAuth2AccessTokenbyEndUserIDorAppID

GET

Get OAuth2 Access Token by End User or App ID

Retrieves an OAuth2 access token by App End User ID or Developer App ID, or both. 

This API requires the orgadmin or opsadmin role.

Search by Developer App ID

Note that all OAuth2 access tokens generated by Edge include the ID of the developer app associated with the token, and you can always search for tokens based on that ID using this API. To get a list of Developer App IDs for a specific developer, you can use this API: List Developer Apps.

Search by App End User ID

In some cases, you may wish to search for tokens based on the ID of the user to whom the token was issued (the actual user of the client app). This ID has to be available as a flow variable when the token is generated by the OAuthV2 policy. You can pass this ID as a query parameter or in a header with the access token request, or you can retrieve it from an external identity provider, as may be the case with the password grant type. 


For example, you may wish to provide a way for users to discover which third-party apps they've authorized and to revoke their own access tokens for those apps. To search for tokens by user, you must first configure the OAuthV2 policy to insert a user ID into the token when it is created. This setup is described in Enable retrieval and revocation of OAuth 2.0 access tokens by end user ID, app id, or both.

 

Resource URL

https://api.enterprise.apigee.com/v1/organizations/{org_name}/oauth2/search

Query Parameters

Name Values Description
enduser

Use to retrieve OAuth2 access tokens associated with the unique ID of a specific end user. This value is not required, but you must query by either enduser or app.

app

Use to retrieve OAuth2 access tokens associated with a Developer App ID. This value is not required, but you must query by either End User ID or Developer App ID.

limit

Use to set the number of OAuth2 access token results you want to display per “page,” or list, of results. Set this parameter if you have many results and want to paginate them, but don’t want to use the default limit of 10.

Note: You cannot retrieve more results than the number defined by the oauth_max_search_limit property in the keymanagement.properties files for your management server and message processor.

start

When the number of access tokens returned exceeds the limit value, use start to navigate the multiple pages, or lists of results.

For usage details, see "Use start and next to Navigate Through Multiple Pages of Results" below.

Request Body

org_name Mention the organization name true

Response Payload Elements

Name Description
list Provides the OAuth2 access code for the end user ID and/or app ID defined in the request.
totalResults Provides the total number of OAuth2 access codes associated with the specified end user ID.
next When the number of access tokens returned exceeds the limit defined in the query parameters, next displays the value of the next access token to be displayed in the list. Use this value to navigate through multiple "pages," or lists of results.

For usage details, see "Use start and next to Navigate Through Multiple Pages of Results" below.

Use start and next to Navigate Through Multiple Pages of Results

When the number of access tokens returned exceeds the limit defined in the query parameters, you will have multiple "pages," or lists, of access token results to scroll through. Use the start query parameter and next response payload element to navigate through the results.

For example, let's say your first call returns the following response payload:

{
  "list" : [ "0XXX0wX4vX43lXXXX4f8e3504oXX", "0oXzhtXdXX8kXgeXv22zv7bXXdj4", (...+8 more)],
  "meta" : {
    "limit" : 10,
    "next" : "3gwbXXX2thXXzX7XXdyOblXtXyXX",
    "query" : {
      "endUser" : "{enduser}"
    },
    "start" : "",
    "totalResults" : 100
  }
}

Note that the request limited the results returned per page, or list, to 10 and that the total number of results is 100. You need a way to navigate through nine more pages of results to see all 100 results.

To do this, make another call with the next value from the response above as the start query parameter. The request URL may look something like this:

https://api.enterprise.apigee.com/v1/o/{org-name}/oauth2/search?enduser={enduser}&start=3gwbXXX2thXXzX7XXdyOblXtXyXX&limit=10

See the response payload below:

{
  "list" : [ "3gwbXXX2thXXzX7XXdyOblXtXyXX", "482XXv8XfXiouXvcXq6geXXkXXXX", (...+8 more)],
  "meta" : {
    "limit" : 10,
    "next" : "Xa8mXidgXXtXXXcXnX8XXeXgXX6X",
    "query" : {
      "endUser" : "{enduser}"
    },
    "start" : "3gwbXXX2thXXzX7XXdyOblXtXyXX",
    "totalResults" : 100
  }
}

Note that this page of 10 results starts with the access token requested by the start parameter. To see the next 10 results, make the same call, using the next value from this response as the start value:

https://api.enterprise.apigee.com/v1/o/{org-name}/oauth2/search?enduser={enduser}&start=Xa8mXidgXXtXXXcXnX8XXeXgXX6X&limit=10

You can page through each set of results by repeating this pattern of calls.
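
The paging pattern above written as a loop, useful when auditing every token issued to an end user or app. This is an added example, not part of the Apigee documentation: search_url, iter_tokens and make_fake_fetch are hypothetical helper names, fetch is any callable that performs the authenticated GET and returns the parsed JSON, and the tokens are constructed so the example runs offline. It assumes the last page omits next or leaves it empty.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://api.enterprise.apigee.com/v1"

def search_url(org, enduser=None, app=None, limit=10, start=None):
    """Build the search URL; the API requires enduser, app, or both."""
    if not enduser and not app:
        raise ValueError("query by enduser, app, or both")
    pairs = (("enduser", enduser), ("app", app), ("limit", limit), ("start", start))
    query = urlencode({k: v for k, v in pairs if v})
    return f"{BASE}/organizations/{org}/oauth2/search?{query}"

def iter_tokens(fetch, org, enduser=None, app=None, limit=10):
    """Yield every matching token by feeding meta.next back in as start."""
    start, cursors = None, set()
    while True:
        page = fetch(search_url(org, enduser, app, limit, start))
        yield from page["list"]
        nxt = page["meta"].get("next")
        if not nxt:               # assumption: the last page has no next value
            return
        if nxt in cursors:        # a repeated cursor would loop forever
            raise RuntimeError(f"cursor repeated: {nxt}")
        cursors.add(nxt)
        start = nxt

def make_fake_fetch(tokens):
    """Constructed in-memory stand-in for the API, same paging semantics."""
    def fetch(url):
        q = parse_qs(urlsplit(url).query)
        limit, start = int(q["limit"][0]), q.get("start", [""])[0]
        i = tokens.index(start) if start else 0
        meta = {"limit": limit, "start": start, "totalResults": len(tokens)}
        if i + limit < len(tokens):
            meta["next"] = tokens[i + limit]   # first token of the next page
        return {"list": tokens[i:i + limit], "meta": meta}
    return fetch

if __name__ == "__main__":
    sample = [f"constructed-token-{n:03d}" for n in range(25)]
    found = list(iter_tokens(make_fake_fetch(sample), "example-org", enduser="user-1"))
    print(len(found), "tokens, no duplicates:", len(found) == len(set(found)))
```

Because each page begins with the token named by start, consecutive pages do not overlap and the loop needs no de-duplication.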

Response Error Details

  • HTTP Code / Error Code / Description

  • keymanagement.service.app_id_not_found

    An app ID provided in the query parameters was not found.

  • keymanagement.service.parameters_missing

    An end user ID provided in the query parameters was not found.

  • keymanagement.service.InvalidValueForLimitParam

    The limit value provided in the query parameters exceeds the value of the oauth_max_search_limit property defined in your keymanagement.properties files for your management server and message processor.
