OAuth home

You're viewing Apigee X documentation.
View Apigee Edge documentation.

Welcome to the home page for OAuth on Apigee. This landing page provides links to documentation, samples, and other resources related to using OAuth on Apigee.

The OAuth 2.0 framework

Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee!

Learn about OAuth 2.0

This collection of resources will help you get up to speed on OAuth 2.0.

  • Apigee documentation:
  • Apigee training and certifications:
    • Apigee offers online training for API developers, including a course on API security, which includes OAuth.
  • IETF Specification:
    • IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
  • Apigee e-book:

Implement the grant type flows

Apigee provides working samples of each OAuth 2.0 grant type to help you get started. The samples represent best practices and demonstrate how to implement OAuth grant types on Apigee.

Client credentials

Authorization code

  • Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
  • Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.


Resource owner password credentials

Quick how-to topics

These topics give you quick context and concise steps for handling common OAuth 2.0 tasks:

Policy and API references

These topics provide detailed reference information on the policies and APIs that directly support OAuth 2.0 on Apigee.

  • OAuthV2 Policies: These policies allow you to implement and customize the four OAuth 2.0 grant types on Apigee:
    • OAuthV2 policy: The heart of the Apigee OAuth 2.0 implementation. It lets you configure OAuth 2.0 operations on Apigee that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
    • GetOAuthV2Info policy: Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
    • SetOAuthV2Info policy: Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.
  • OAuth 2.0 error codes