Contact Free trial Login

Request Access

To register a client application to an existing API, the client application must first request access. When the request is approved by the API owner, a contract is created between the client application and the API, and the client application is registered.

APIs that are protected by a client ID enforcement policy require client applications to provide a client ID and optional client secret. The client ID and client secret credentials are automatically created when the client application is registered.

An API owner can use API Manager to view all API contracts ever created for an API instance. An API consumer can use Exchange’s My Applications page to view the API contracts created between an API instance and that consumer’s client applications.

API providers can view, manage, and revoke these contracts by following the steps in Managing API Instance Contracts on API Manager.

If terms and conditions are set for an asset, you are prompted to accept the terms before access is granted, and the created contract includes the terms and conditions.

  1. Click an API asset to view more details.

  2. Click Request Access.

  3. If you do not have an application to which to provide access, click Request Access > Create A New Application. See the section "Create a New Application" for more information.

  4. If you are using an existing application, choose from the list of applications.

  5. Choose the API Instance from the list of APIs.

  6. Choose the service-level agreement (SLA) value for the application.

  7. Click Request Access.

    The Request API Access menu opens to show that the API access was successful. This screen lists the client ID and client secret for this API access instance.

Create a New Application

Choose from the screens that follow for what to provide:

  • If an organization uses OAuth authentication, this screen appears:

    Screenshot - Create New Application


    • The application name.

    • An optional description for the application.

    • An optional application URL for where the app resides. If not specified, the app is assumed to be in the Runtime Manager.

    • An optional URL for an OAuth 2 callback.

  • If an organization has external authentication, this screen appears:

    Screenshot - External Authentication

    Specify the same values as above, but also:

    The OAuth 2 grant type:

    • Implicit Grant

    • Authorization Code Grant

    • Refresh Token