Purpose

Creates an OAuth application object that holds the authorization URL, token URL, scope, client ID, and client secret. An OAuth application ID is automatically generated. This ID is used to link an OAuth application with an OAuth profile.

Note: An administrator can execute this operation on behalf of a user by appending the user query parameter to the request and specifying a user name. See also Managing resources on behalf of users.

URL

https://<myserver>:<port>/api/mgmt/oauthapps

Method

POST

URL Parameters

<myserver> is the hostname or IP address of the machine hosting the Hybrid Data Pipeline server for a non-load balancer deployment, or the machine hosting the load balancer for a load balancer deployment. For a non-load balancer deployment, <port> is the port number specified as the Server Access Port during deployment. For a load balancer deployment, <port> must be either 80 for http or 443 for https. Whenever port 80 or 443 are used, it is not necessary to include the port number in the URL.

Request Definition

The request takes the following format.

{
   "name": "oauth_application_name",
   "dataStore": data_store_id,
   "tenantId": tenant_id,
   "description": "oauth_application_description",
   "clientId": "client_id",
   "clientSecret": "client_secret"
   "authorizeURI": "oauth_authorizationcode_endpoint",
   "tokenURI": "oauth_token_endpoint",
   "scope": "oauth_scopes_list"
}
Property Description Usage Valid Values
"name" The name of the OAuth application object. Required The user-specified name of the OAuth application object. The name can contain only alphanumeric characters and the underscore character.
"dataStore" The ID of the data store for which the OAuth application object is being created. Required The Hybrid Data Pipeline currently supports access to the following data stores:
  • Google Analytics (ID: 54)
  • Google BigQuery (ID: 62)
  • Salesforce (ID: 1)
  • Autonomous REST Connector (ID: 63)
"tenantId" The ID of the tenant to which the OAuth application and data store belong.

When a tenant ID is not specified, the OAuth application is created for the tenant to which the user belongs.

 Optional A valid tenant ID.
"description" A description of the OAuth application object. Optional A description provided by the user.
"clientId" The OAuth client ID generated by the data store when an application is registered with the data store API. Required A valid client ID.
"clientSecret" The OAuth client secret generated by the data store when an application is registered with the data store API. Required A valid client secret.
"authorizeURI" The endpoint for obtaining an authorization code from the data store. Required A valid URL for obtaining a code for authorization.
"tokenURI" The endpoint for retrieving access tokens from the data store. Required A valid URL for obtaining access and refresh tokens.
"scope" A space-separated list of OAuth scopes that limit the permissions granted by an access token at the time of connection. Required A user-specified list of space-separated scopes.

Sample Request Payload 

{
  "name": "TenantA OAuth app",
  "dataStore": 54,
  "tenantId": 303,
  "description": "TenantA OAuth application object",
  "clientId": "asdfjasdljfasdkjf",
  "clientSecret": "1912308409123890"
  "authorizeURI": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenURI": "https://www.googleapis.com/oauth2/v3/token",
  "scope": "full_offline_access, test_repo"
}

Sample Server Response 

  Status code: 201
  Successful response
{
  "id": "17",
  "name": "TenantA OAuth app",
  "dataStore": 54,
  "tenantId": 303,
  "description": "TenantA OAuth application object",
  "clientId": "asdfjasdljfasdkjf",
  "clientSecret": "1912308409123890"
  "authorizeURI": "https://accounts.google.com/o/oauth2/v2/auth",
  "tokenURI": "https://www.googleapis.com/oauth2/v3/token",
  "scope": "full_offline_access, test_repo"
}

Authentication

Basic Authentication using Login ID and Password.

Authorization

Permissions apply in the following manner.
  • With the Administrator (12) permission, a user can create an OAuth application object in any tenant across the system.
  • With the MgmtAPI (11) and OAuth (28) permissions, a user in the system tenant can create an OAuth application object for the system tenant. This user can also create OAuth application objects for tenants for which he or she has administrative access.
  • With the MgmtAPI (11) and OAuth (28) permissions, a user in a child tenant can create an OAuth application object only in the tenant in which he or she resides.