Securing Admin API
Authenticating Requests
To authenticate your request to the Admin API, first retrieve a token by POSTing a URL-encoded form request to the `/connect/token` endpoint.
| Endpoint | Http Verb | Description | Request Schema | Response Schema (Success) | Response Schema (Error) |
|---|---|---|---|---|---|
| /connect/token | POST | Retrieve a bearer token for Admin API | { | { | |
Save the resulting `access_token` from the response and include it as a Bearer token in the `Authorization` header on subsequent requests. Note the `expires_in` time and request new tokens accordingly.
Security Endpoints in Admin API
The endpoints outlined here do not follow the same patterns as those documented in Endpoints in Admin API 1.x. They are not prefixed with a version and do not wrap their responses in the same format consistently.
These endpoints are managed separately from API endpoints in order to support OAuth 2.0 internally and may change in future releases.
Scope and Authorization
Admin API v1 includes a single authorization scope (`edfi_admin_api/full_access`), which allows access to all functional endpoints when granted to a given client.
By default, all registered clients are granted this scope; however, you MUST request the scope when requesting a token. See the endpoint description above for details.
Future releases may introduce additional scopes or allow configuration or customization of client authorization in Admin API.
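The token flow above (retrieve a token from `/connect/token`, send it as a Bearer token, re-request before `expires_in` elapses, and always request the `edfi_admin_api/full_access` scope) as an added Python example; this is not the Admin API project's own code. It assumes the standard OAuth 2.0 client-credentials form fields (`grant_type`, `client_id`, `client_secret`, `scope`), since the request schema is not shown on this page; the transport and clock are injectable so the refresh logic can be exercised offline.

```python
"""Bearer-token handling for the Admin API /connect/token flow.
Added example, not the Admin API project's own code. The form field names
below are assumed standard OAuth 2.0 client_credentials fields; the page
does not show the request schema."""
import json
import time
import urllib.parse
import urllib.request

SCOPE = "edfi_admin_api/full_access"  # the single scope the page documents


def http_post_form(url, form):
    """Default transport: POST a URL-encoded form and return the parsed JSON body."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class AdminApiToken:
    """Fetches a bearer token, caches it, and re-requests it before expires_in."""

    def __init__(self, base_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=30):
        self.token_url = base_url.rstrip("/") + "/connect/token"
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock, self.skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token_form(self):
        # grant_type/client_id/client_secret are assumed OAuth 2.0 names (not on the page);
        # the scope MUST be requested explicitly even though every client is granted it.
        return {"grant_type": "client_credentials", "client_id": self.client_id,
                "client_secret": self.client_secret, "scope": SCOPE}

    def access_token(self):
        # Refresh `skew` seconds early so a request in flight never carries an expired token.
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            reply = self.post(self.token_url, self.token_form())
            self._token = reply["access_token"]
            self._expires_at = self.clock() + int(reply["expires_in"])
        return self._token

    def auth_headers(self):
        """Headers to attach to every subsequent Admin API request."""
        return {"Authorization": "Bearer " + self.access_token()}
```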
Registering New Clients
Only Enable Registration When Necessary
Since the `/connect/register` endpoint does not require any authentication, it is recommended that it remain disabled whenever you are not registering a new client. If you must register a new client, temporarily enable the endpoint, register the client, then disable it again by updating the configuration. For default first-time client registration see First-Time Configuration for Admin API 1.x.
Enable client registration by updating your application configuration to set `Authentication:EnableRegistration` to `true`, then restart the application.
Then register a new client by POSTing a URL-encoded form request to `/connect/register`.
| Endpoint | Http Verb | Description | Request Schema | Response Schema (Success) | Response Schema (Validation Error) | Response Schema (Error) |
|---|---|---|---|---|---|---|
| /connect/register | POST | Registers a new Admin API client | { | { | { | |
You can now retrieve a bearer token using the process above with your newly registered Client ID and Secret.