Enabling API Access

By default, TIBCO Cloud™ Integration API access is disabled for all organizations. If you have a single organization, you can generate an OAuth token for that organization and use it to access and manage your organization via the API.

If you have a parent organization with one or more child organizations, you can generate an OAuth token for the parent organization and use it to access and manage all organizations in that family via the API. In this scenario, you must use the API to enable API access for each child organization you plan to manage with the API.

If you have more than one parent organization with associated child organizations, OAuth token use is restricted by family. You can only use the parent OAuth token to access the child organizations associated with the parent organization that owns that OAuth token. For example assume you have the following sets of parent / child organizations: 

• Parent 1 and Child 1A
• Parent 2 and Child 2A

You cannot use the OAuth token for Parent 1 to access Child 2A. Only the OAuth token for Parent 2 would allow you to access Child 2A.

To enable API access for an organization:

1. Log into TIBCO Cloud Integration and select your parent organization. If you have a single organization, you do not need to select anything.
2. Configure an OAuth client under your TIBCO Cloud Integration user settings. This is required if you plan to refresh access tokens programatically. See OAuth Access Tokens.
3. Generate an OAuth access token under your TIBCO Cloud Integration user settings.
4. Use this token on the TIBCO Cloud Integration Swagger page to try out the available functions. Be sure to enable API access for your organizations.
5. Use the POST ​/v1​/subscriptions​/{subscriptionLocator}​/apiservice​/access method to enable API access for any organizations you wish to access and manage using the API. This includes the organization used when you generated the token. For the organization that owns the token, you can use subscriptionLocator 0 to enable API access. See Enabling or Disabling API Access for an Organization with the API.
6. Use the token in your code when sending a call to the API. To use your token, use cURL to make a request to the API that is similar to the following example. Replace <your-oauth-token> with the token you generated.

curl -X GET "https://api.cloud.tibco.com/tci/v1/subscriptions/0/apps" -H  "accept: application/json" -H  "Authorization: Bearer <your-oauth-token>"

Refreshing Your OAuth Token

OAuth tokens are valid for a maximum of 8 hours and must be refreshed periodically using a refresh token. Refresh tokens are valid for 7 days. See OAuth Access Tokens for additional details and examples.

To configure TIBCO Cloud™ Integration to generate refresh tokens: 

1. Configure an OAuth client under your TIBCO Cloud Integration user settings. This is required if you plan to refresh access tokens programatically. Be sure to copy the Client Secret immediately and store it in a safe location.
2. Generate an initial OAuth access token under your TIBCO Cloud Integration user settings.
   1. Select Unlimited duration, refresh periodically. This setting allows you to use refresh tokens. If you select Valid for limited duration, you will need to generate a new token manually and update your code.
   2. Select the OAuth client you configured in Step 1.
   3. Enable the token for the Integration domain. Be sure to copy it immediately and store it in a safe location. The token is only displayed once when it is generated.

Related Topics

API Basics

Authentication