Obtaining client credentials

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

This topic shows you how to obtain client credentials (also called developer keys) for development and testing purposes using an out-of-the-box developer app and product. For production situations, the steps are similar, however you would use your own developer apps, products, and other entities.

What are client credentials?

To participate in any OAuth 2.0 flow, all client apps must be registered with Apigee Edge (the authorization server). When you register your app, you will be assigned two keys: the Consumer ID and Consumer Secret. The Consumer ID is a public key and Consumer Secret must never be made public. These client credential keys allow Apigee Edge to uniquely identify the client app.

Quick steps

These quick steps show you how to obtain developer keys for one of the out-of-the-box apps that are configured when you created your Apigee Edge organization. You can use these keys mainly for development and testing:

  1. Access the Developer Apps page, as described below.


    To access the Developer Apps page using the Edge UI:

    1. Sign in to apigee.com/edge.
    2. Select Publish > Apps in the left navigation bar.
    3. Click +Proxy

    Classic Edge (Private Cloud)

    To access the Developer Apps page using the Classic Edge UI:

    1. Sign in to http://ms-ip:9000, where ms-ip is the IP address or DNS name of the Management Server node.
    2. Select Publish > Developer Apps in the top navigation bar.
  2. Click Weather App to open the Weather App overview page. Notice that the developer associated with the app is Nicolai Tesla. This app and developer were provisioned by default when your organization was created. All developer apps must have a developer associated with them.
  3. In the Products section, next to the Premium Weather API product, click Show to expose the Consumer ID and Consumer Secret values.
  4. Copy and save those two values -- you will need to use them later to make API calls to obtain access tokens.

Getting client credentials with Edge APIs

You can also obtain the consumer key and secret for an app by calling the management API. First, get the list of apps in your organization by making the following API call:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps \
-u email:password 

This call returns a list of apps by app ID.

[ "da496fae-2a04-4a5c-b2d0-709278a6f9db", "50e3e831-175b-4a05-8fb6-05a54701af6e" ]

You can retrieve an app's profile by making a simple GET call on the app ID:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps/{app_id} \
-u email:password 

For example:

$ curl https://api.enterprise.apigee.com/v1/o/{org_name}/apps/da496fae-2a04-4a5c-b2d0-709278a6f9db \
-u email:password 

The API call returns the profile of the app you specified. For example, an app profile for weatherapp has the following JSON representation:

  "accessType" : "read",
  "apiProducts" : [ ],
  "appFamily" : "default",
  "appId" : "da496fae-2a04-4a5c-b2d0-70928a6f9db",
  "attributes" : [ ],
  "callbackUrl" : "http://weatherapp.com",
  "createdAt" : 1380290158713,
  "createdBy" : "noreply_admin@apigee.com",
  "credentials" : [ {
    "apiProducts" : [ {
      "apiproduct" : "PremiumWeatherAPI",
      "status" : "approved"
    } ],
    "attributes" : [ ],
    "consumerKey" : "bBGAQrXgivA9lKu7NMPyYpVKNhGar6K",
    "consumerSecret" : "hAr4Gn0gA9vyvI4",
    "expiresAt" : -1,
    "issuedAt" : 1380290161417,
    "scopes" : [ ],
    "status" : "approved"
  } ],
  "developerId" : "5w95xGkpnjzDBT4",
  "lastModifiedAt" : 1380290158713,
  "lastModifiedBy" : "noreply_admin@apigee.com",
  "name" : "weatherapp",
  "scopes" : [ ],
  "status" : "approved"

Note the values for consumerKey and consumerSecret.

Deeper dive

For a more detailed discussion of app registration and key management, see Register apps and manage API keys.