Using OAuth for IBM Connections Cloud API authorization
Added by IBM | Edited by Alex Leiskau on February 19, 2015

Connections Cloud uses the Open Authorization (OAuth) protocol for API access. OAuth provides a way for company applications to interact with APIs on behalf of users without knowing their authentication credentials.
The Connections Cloud Partner Platform mandates that all web-based partner applications make use of OAuth to call Connections Cloud APIs. If your application is for desktop or mobile use, use Basic Authentication instead of OAuth.

Anyone who creates an application for integration with Connections Cloud should become familiar with OAuth.

Connections Cloud currently supports both OAuth 1.0a and 2.0. OAuth 1.0a is the default version. Note that OAuth 2.0 is not backwards compatible with previous versions of OAuth.

For more information, including access to specifications, see the OAuth website (http://www.oauth.net/).

Key components in the OAuth web server flow

During the web server flow, several key players are involved:

Resource owner

Resource owners are users with a Connections Cloud account who allow external or company applications to access their information on the Connections Cloud resource server.

Resource server

The resource server hosts information that belongs to resource owners. After resource owners are authenticated and authorized, the external or company application communicates with the resource server to obtain information.

Application

The application obtains information from the resource server on behalf of users. The application can be an external (third-party) application or an internal company (business partner) application. After resource owners authenticate and grant access to their information, applications can continue to communicate with the resource server without intervention from the user, as long as the access token remains valid.

Authorization server

The authorization server authenticates the resource owner, grants access, and manages tokens to provide applications with access to information on the resource server.
