webMethods

webMethods

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

what is the best suited Oauth grant Type when exposing webmethods IS service as API?

  • 1.  what is the best suited Oauth grant Type when exposing webmethods IS service as API?

    Posted 2 days ago

    Hi Folks,

    I would like to expose WebMethods 10.15 service as Rest API, may I know which is the best Oauth grant type to use with it.

    source application is on internet/ 3rd party system consuming WebMethods rest API. No use of webmethods enterprise gateway.

    1. Authorization Code Grant Flow
    2. Client Credentials Grant Flow
    3. Resource Owner Password Credentials Grant Flow
    4. Implicit Resource Grant Flow



    ------------------------------
    Developer EDI
    ------------------------------


  • 2.  RE: what is the best suited Oauth grant Type when exposing webmethods IS service as API?

    Posted 2 days ago

    Hello,

    IMO, it all depends upon the usecase and on the nature of the client and the level of security you need.

    For the above usecase, we are interacting M2M (machine to machine) where there is no manual intervention, It is recommended to use client credentials.

    We have other grant types for other scenarios. From the abive some of them are deprecated or not recommeneded to use  like Implict grant flow and Resource owner.

    What i have seen Authorization code grant flow  is manily implemented for mobile app where user logs in using browser.

    Regards

    Vikash Sharma



    ------------------------------
    Vikash Sharma
    ------------------------------

    Original Message


Related Content