Create API clients

API clients are computers that are authorized to use AppDirect APIs to request AppReseller records associated with a Reseller's or Referral user's company. API clients are authenticated by a consumer secret and consumer key that are incorporated into each API call made by the client.

To create an API client

1. Go to Manage > Reseller > Settings > Integration | API Clients.The API Clients page opens.
2. Click Create API Client. The OAuth 2.0 - API Client Settings dialog opens.
3. Enter a name for the API client.
4. Select one or more of the following grant types:
   • Authorization Code—Used with server-side Applications. The API client interacts with the user's web browser and receives API authorization codes. Selecting this option displays the Redirect URL and the Allowed Scopes (Permissions) sections. Continue with step 5.
   • Implicit—Used with mobile applications or web applications (applications that run on the user's device). The user is asked to authorize the application, then the authorization server passes the access token back to the user-agent, which passes it to the application. Selecting this option displays the Redirect URL and the Allowed Scopes (Permissions) sections. Continue with step 5.
   • Password—Used with trusted applications. After a user gives their credentials to the application, the application requests an access token from the authorization server. After user credentials are verified, the authorization server returns an access token to the application. Selecting this option opens the Allowed Scopes (Permissions) section. Continue with step 5.
   • Refresh Token—A special type of token that can be used to obtain a renewed access token at any time. No additional sections appear. Continue with step 9.
5. Enter the redirect URL of the client. This is the URL where the authorization code is returned to during the client authorization with AppReseller (also known as a callback URL).
6. (Optional) If you selected Authorization Code, Implicit, or Password (or any combination of these) in step 4, the Allowed Scopes (Permissions) fields appear. These selections define what the API client can do and what resources it can access. Select the following scopes as required:
   • OpenID Connect scopes—Allows an API client to verify the identity of an end user using the OpenID Connect protocol. Select one of the following:
     • ID Token—Allows this client to be used for OpenID Connect SSO.
     • Basic User Information—Allows an API client to access a user’s email address and basic profile information such as first name, last name, and email address contained in the UserInfo API.
   • User-level scopes—Select one or more of the user roles in the list to allow the API client to act on behalf of users that are assigned those user roles.
7. (Optional) If you selected ID Token under OpenID Connect scopes in the previous step, the Persistent SSO field appears. Select this option to give AppReseller users the option to remain logged in when authenticating with a trusted mobile application that has enabled persistent Single Sign-On (SSO), such as Mobile MyApps.
8. (Optional) In the Allowed IP Addresses field, enter a comma-separated list of IP addresses from which this API client is allowed to send requests (classless interdomain routing (CIDR) notation is supported). Leave the field blank to allow requests from all IP addresses.
9. Click Save Settings. The new API client is created, along with a consumer secret and consumer key. A message appears that includes the consumer secret and a warning that you should copy and store the secret in a safe location because it cannot be retrieved after the message is dismissed.
10. Copy the consumer secret to a secure file where you can retrieve it later as needed.