OAuth 2.0 home

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

Welcome to the home page for OAuth 2.0 on Apigee. This landing page provides links to documentation, samples, and other resources related to using OAuth 2.0 on Apigee.

The OAuth 2.0 framework

Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee.

Learn about OAuth 2.0

This collection of resources will help you get up to speed on OAuth 2.0.

  • Apigee documentation:
  • Apigee training and certifications:
    • Apigee offers online training for API developers, including a course on API security, which includes OAuth 2.0.
  • IETF Specification:
    • IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
  • Apigee e-book:

Implement the grant type flows

The following topics explain how to implement the OAuth 2.0 grant types on Apigee:


How-to topics

These topics explain how to handle common OAuth 2.0 tasks in Apigee:

OAuth 2.0 policies

These policies allow you to perform OAuth 2.0 operations in an Apigee API proxy:

  • OAuthV2 policy: The heart of the Apigee OAuth 2.0 implementation. It lets you configure OAuth 2.0 operations on Apigee that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
  • GetOAuthV2Info policy: Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
  • SetOAuthV2Info policy: Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.