Step 1: Register the application
Added by IBM contributorIBM | Edited by IBM contributorAlex Leiskau on February 20, 2015
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

Each application that makes an API call must be registered with IBM Connections Cloud™. Connections Cloud registers this new application (called Internal App) and hands out the OAuth credentials. The registration is a one-time process.

Register your application

To register applications, you must have a valid account with a role such as customer service representative (CSR), customer administrator, or application developer (called App Developer).

To register an application, go to My Account Settings -> Internal Apps -> Register App:

Register App window

In the Register App window, after you provide the name and description of your application, select the Enable API Access via OAuth 2.0 Web Server Flow option.

In the Access Grant Duration field, you can set the expiration of the refresh token in days. You can set the value for as many as 90 days, but you might decide to set a lower value for security reasons. The value of the refresh token is not the same as the duration for the access token. Access tokens are used to call actual APIs and live only about two hours. However, you can use the refresh token to obtain a fresh access token without having to restart the OAuth flow.

Still in the Register App window, specify a callback URL. The callback URL provides an additional level of security so that the redirect URI that comes with each new request can be verified against the callback URL. This security component is important because IBM Connections Cloud sends the authorization code and other confidential and sensitive information to this callback URL.

After you click Register, you can see your application listed on the Internal Apps page and access the credentials that were generated during the registration process. You can perform various tasks from this page, such as setting properties and resetting credentials.

The OAuth credentials consist of two parts:
  • Client ID: A unique identifier for the application.
  • Client secret: A unique key with a maximum of 256 characters that is associated with your application. The client secret never expires, so it should be protected. You can reset the client secret by using the Reset Credentials option on the Internal Apps window.

Note: Connections Cloud supports only secure HTTPS-based callback URLs.

Parent topic: OAuth 2.0 APIs for web server flow
Next topic: Step 2: Obtain authorization code