Posts

Showing posts from June, 2021

WSO2 API Manager Token API with Password Grant

Image
WSO2 API Manager Token API with Password Grant Recently I came across a situation where I have to use the 'Password' grant type for accessing the token API for WSO2 API Manager.  Problem Statement The default token API access using cURL is available in developer portal as shown in the below screenshot- The corresponding cURL command is-  curl -k -X POST https://localhost:8243/token \ -d " grant_type=password&username=Username&password=Password " \ -H " Authorization: Basic ZmIzOUxXVXRJbm5LcElzRHVFU3RkblRqeGJzYTpxUjMyUmpPNkpZenJFRVZzN1NnbzRyeXo2WHNh " Even, in postman all the parameters are supplied in URL itself. However, this request is more URL centric towards passing the grant type, username& password. In this way the credentials are exposed in the URL itself. So how can we prevent the same to be passed but not in URL i.e. typically in header or body. Solution WSO2 token API facilitates to pass the parameters url-encoded by attaching an extra...