OAuth Access Token Management

Any user who is logged in to TIBCO Cloud can generate OAuth access tokens. You can use an OAuth token for multiple domains. However, you can limit its access to only some of the domains to which you have subscriptions.

Generating Access Tokens

Perform the following steps to generate an OAuth access token:

    Procedure
  1. On the Settings tab, click OAuth access tokens.

  2. To add a new token, click the Generate token button.

  3. In the Generate OAuth 2 token window, enter a token name. Note that the token names are case-sensitive.

  4. For the access token to be valid for a limited duration, select Valid for limited duration.

    • Select the maximum validity in minutes, hours, or days. Typically, the maximum limit is 30 days.

  5. Alternatively, if you want the access token to be valid for an unlimited duration and refreshed periodically, select Unlimited duration, refresh periodically.

    • From the drop-down, select the OAuth client option you want to use. Ensure that you have configured an OAuth client to use this option.

  6. Select one or more domains for which the access token can be used and then click Generate.

After you click Generate, depending on the option you selected, the access token and the refresh token are displayed. If you click Copy to clipboard, the token is copied as JSON. The token's expiration time is expressed in seconds from the current instant as an "expires_in" attribute in JSON and is also displayed on the UI. To avoid the "401 Unauthorized" error, the client must renew the token before it expires.
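The following added example (not TIBCO's code) shows one way a client can turn the relative "expires_in" value into an absolute deadline at the moment the token is generated and then decide when to renew it. Only "expires_in" is named on this page; the field names access_token and refresh_token follow OAuth 2.0 (RFC 6749) naming and are assumptions, as are the 5-minute renewal margin and the sample values.

```python
import json
import time
from dataclasses import dataclass
from typing import Optional

RENEW_MARGIN_S = 300  # assumption: renew 5 min early to absorb clock skew and latency


@dataclass(frozen=True, repr=False)
class StoredToken:
    access_token: str
    refresh_token: Optional[str]  # may be absent, depending on the option selected
    expires_at: float             # absolute deadline, epoch seconds

    def __repr__(self) -> str:
        # Keep the secrets out of logs and tracebacks.
        return f"StoredToken(expires_at={self.expires_at:.0f}, tokens=<redacted>)"


def parse_copied_token(raw_json: str, received_at: float) -> StoredToken:
    """Parse the copied JSON; received_at is when the token was generated."""
    doc = json.loads(raw_json)
    expires_in = doc["expires_in"]
    if isinstance(expires_in, bool) or not isinstance(expires_in, (int, float)):
        raise ValueError("expires_in must be a number of seconds")
    if expires_in <= 0:
        raise ValueError("expires_in must be positive")
    # expires_in is relative to the moment of issue, so pin it to a deadline now;
    # re-reading the stored JSON later would silently extend the lifetime.
    return StoredToken(doc["access_token"], doc.get("refresh_token"),
                       received_at + expires_in)


def needs_renewal(tok: StoredToken, now: float,
                  margin: float = RENEW_MARGIN_S) -> bool:
    """True once the token is within `margin` seconds of its deadline."""
    return now >= tok.expires_at - margin


# Constructed sample: placeholder token value, 1-hour lifetime.
SAMPLE_JSON = '{"access_token": "EXAMPLE-NOT-A-REAL-TOKEN", "expires_in": 3600}'

if __name__ == "__main__":
    issued = time.time()
    tok = parse_copied_token(SAMPLE_JSON, issued)
    print(tok)
    print("renew now?", needs_renewal(tok, issued))          # fresh token
    print("renew at +56 min?", needs_renewal(tok, issued + 56 * 60))
```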

Revoking Access Tokens

Revoking is similar to logging out. After you have revoked an access token, anybody using that access token can no longer make secure requests. You can revoke one or more access tokens at any time if you no longer need them. Note that the revocation of a token takes effect after the call to revoke it is completed. A token cannot be used again after it has been revoked.

    Procedure
  1. On the Settings tab, click the OAuth Access Tokens tab.

  2. To revoke multiple access tokens, select them, and then click Revoke. Alternatively, you can revoke one token at a time by clicking the delete icon.

Generating a Client ID

Another way to authenticate REST calls is to obtain cookies by signing in with your email address, password, and client ID.

Note: This feature is deprecated and might be removed in a future release. TIBCO recommends that you use OAuth access tokens instead of an email address, password, and cookies.

The client ID is unique for a combination of an email address and organization.

On the Settings tab, click the OAuth access tokens tab. In the API access keys section, click Display client ID.