Skip to main content

API access control

The Constellation DX APIs for Pega platform are protected resources. These are REST services that use OAuth 2.0 standards to access over HTTPS.

OAuth 2.0 is an authorization protocol and not an authentication protocol. As such, it is designed primarily to grant access to a set of resources, such as remote APIs or user data.

Note: Every web embeds channel creation automatically creates an OAuth 2.0 client registration data instance.

OAuth 2.0 client registration

OAuth 2.0 data instances help you to securely access REST services over HTTPS. Two OAuth 2.0 data instance types are available in Pega Infinity: OAuth 2.0 Provider and OAuth 2.0 client registration.

The Pega Infinity instance uses the OAuth 2.0 provider to access external resources such as Twitter and Facebook over HTTPS; the external system uses OAuth 2.0 client registration to access Pega Infinity instance resources over HTTPS. 

The grant type is important when you create an OAuth 2.0 client registration; the supported grant types are authorization code, client credentials, password credentials, SAML bearer, JWT bearer, and custom bearer. You can use these grant types alone or in combination with each other. 

Pega Infinity instance can act as both an OAuth 2.0 provider and an OAuth 2.0 client when you use the client credentials grant type. In this grant type, a Pega application can receive an access token for its own account that is unrelated to a specific user. 

Pega API REST services are protected by OAuth 2.0. The client application developer registers the client and uses an access token to make Pega API REST calls. The Pega Infinity instance authorizes the application by using the operator ID associated with the client during registration, not the operator ID associated with the developer. 

Create an operator ID to explicitly associate with OAuth 2.0, as shown in the following video:

After you create an operator ID, you create OAuth 2.0 client registration, as shown in the following video:

Check your knowledge with the following interaction:


This Topic is available in the following Modules:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice