OAuth home


Welcome to the home page for OAuth on Apigee Edge. This landing page provides links to documentation, samples, and other resources related to using OAuth on Apigee Edge.

The OAuth 2.0 framework

Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee Edge!

Learn about OAuth 2.0

This collection of resources will help you get up to speed on OAuth 2.0.

  • Apigee documentation:
  • Apigee training and certifications:
    • Apigee offers online training for API developers, including a course on API security, which includes OAuth.
  • IETF Specification:
    • IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
  • Apigee e-book and video:

Implement the grant type flows

Apigee provides working samples of each OAuth 2.0 grant type to help you get started. The samples represent best practices and demonstrate how to implement OAuth grant types on Apigee Edge.

Client credentials

Authorization code

  • Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge.
  • Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.


Resource owner password credentials

Quick how-to topics

These topics give you quick context and concise steps for handling common OAuth 2.0 tasks:

Policy and API references

These topics provide detailed reference information on the policies and APIs that directly support OAuth 2.0 on Edge.

  • OAuthV2 Policies -- These policies allow you to implement and customize the four OAuth 2.0 grant types on Apigee Edge:
    • OAuthV2 policy -- The heart of the Apigee Edge OAuth 2.0 implementation. It lets you configure OAuth 2.0 "operations" on Apigee Edge that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
    • GetOAuthV2Info policy -- Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
    • SetOAuthV2Info policy -- Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.
  • OAuth 2.0 error codes
  • OAuth 2.0 APIs -- Apigee provides these APIs for working with OAuth 2.0 endpoints.

The OAuth 1.0a framework

OAuth 1.0a defines a standard protocol that enables app users to authorize apps to consume APIs on their behalf, without requiring app users to disclose their passwords to the app in the process.

OAuth 1.0a policy reference

The OAuthV1 policy reference explains how to configure an OAuth 1.0a policy. The OAuthV1 policy type is responsible for generating request tokens, generating access tokens, and verifying access tokens based on the OAuth 1.0a specification.

OAuth 1.0a APIs

Apigee provides APIs for working with OAuth 1.0a endpoints.

OAuth 1.0a sample on GitHub

This sample API proxy on GitHub illustrates an OAuth 1.0a three-legged configuration. You can download and run this code.

| Name | Description |
| --- | --- |
| oauth10a-3legged | Demonstrates an OAuth 1.0a three-legged configuration. |