Authorize external requests to Creatio using OAuth 2.0 authorization
Use the OAuth 2.0 protocol to securely authorize third-party apps and web services you integrate with Creatio. This technology does not pass Creatio logins and passwords to third-party apps. OAuth 2.0 also lets you restrict Creatio permissions for the integrated apps.
General procedure to authorize external requests to Creatio using OAuth 2.0 authorization:
- Set up the integration of a third-party app with Creatio using Identity Service.
- Retrieve a Bearer token.
- Retrieve data from Creatio.
You can use Postman to test requests.
1. Set up the integration of a third-party app with Creatio using Identity Service
- Set up the Identity Service. Instructions: Set up the Identity Service.
- Set up the OAuth 2.0 authorization. Instructions: Set up the OAuth 2.0 authorization.
- Make sure the Identity Service is running.
  - Add a request collection. Instructions: Adding a collection of requests. For example, add the Identity Service request collection.
  - Create a request.
    - Add a request to the collection. Instructions: Adding requests to the collection.
    - Fill out the request parameters.

      | Parameter | Parameter description | Parameter value |
      |---|---|---|
      | Request method | | GET |
      | Request URL | The URL of the Identity Service website that lets you view the settings. | GET https://myidentityservice/.well-known/openid-configuration |

    - Save the request.
  - Execute the request.
As a result, you will confirm that the Identity Service is running.
Status: 200 OK
{
"issuer": "creatio.com",
"jwks_uri": "https://localhost:8090/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:8090/connect/authorize",
"token_endpoint": "https://localhost:8090/connect/token",
"userinfo_endpoint": "https://localhost:8090/connect/userinfo",
"end_session_endpoint": "https://localhost:8090/connect/endsession",
"check_session_iframe": "https://localhost:8090/connect/checksession",
"revocation_endpoint": "https://localhost:8090/connect/revocation",
"introspection_endpoint": "https://localhost:8090/connect/introspect",
"device_authorization_endpoint": "https://localhost:8090/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"email",
"phone"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"email",
"email_verified",
"phone_number",
"phone_number_verified"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true
}
2. Retrieve a Bearer token
A Bearer token is an auto-generated token required for external requests that have OAuth 2.0 authorization. Each Bearer token has a finite lifetime, 3600 seconds by default.
To retrieve a Bearer token:
- Create a request to retrieve a Bearer token.
  - Add a request to the collection. Instructions: Adding requests to the collection.
  - Fill out the request parameters.

    | Parameter | Parameter description | Parameter value |
    |---|---|---|
    | Request method | | POST |
    | Request URL | The URL of the Identity Service website to retrieve a Bearer token. | POST https://myidentityservice/connect/token |

  - Add the request body.
    - Open the Body tab.
    - Select x-www-form-urlencoded in the Body option parameter.
    - Fill out the body parameters.

      | Parameter (Key column) | Parameter description | Parameter value (Value column) |
      |---|---|---|
      | client_id | Use the "Client Id" parameter value that Creatio populates automatically. Learn more: Set up OAuth 2.0 authorization for third-party app. | 4******6 |
      | client_secret | Use the "Client secret" parameter value that Creatio populates automatically. Learn more: Set up OAuth 2.0 authorization for third-party app. | 5******C |
      | grant_type | | client_credentials |

  - Save the request.
- Execute the request.
As a result, you will retrieve the Bearer token.
Status: 200 OK
{
"access_token": "e******w",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "ApplicationAccess_7010c58a958946dbaaa4734b0580c741"
}
You can now integrate third-party apps or web services with Creatio using OAuth 2.0 authorization. Authorize all external requests to Creatio using the Bearer token.
3. Retrieve data from Creatio
You can retrieve data from Creatio in multiple ways:
- OData 4. Detailed example: Retrieve data from Creatio using OAuth 2.0 authorization and OData 4.
- OData 3. Detailed example: Retrieve data from Creatio using OAuth 2.0 authorization and OData 3.
- DataService. Detailed example: Retrieve data from Creatio using OAuth 2.0 authorization and DataService.
- Web service. Detailed example: Retrieve data from Creatio using OAuth 2.0 authorization and web service.
Regardless of the chosen method, to retrieve data from Creatio:
- Create a request to retrieve data.
  - Add a request to the collection. Instructions: Adding requests to the collection.
  - Fill out the request parameters:
    - Request method (required)
    - Request URL (required)
    - Request body parameters. For example, Body option, Body type, Body value.
  - Save the request.
- Set up the authorization.
  - Open the Authorization tab.
  - Fill out the authorization parameters.

    | Parameter | Parameter value |
    |---|---|
    | Type | OAuth 2.0 |
    | Token | e******w |

  - Save the request.
  As a result, the auto-generated header will be added to the Headers tab. The header has the following parameters.

    | Parameter | Parameter value |
    |---|---|
    | Key | Authorization |
    | Value | Bearer e******w |

- Execute the request.
If the token lifetime has expired, i.e., you got the 401 Unauthorized response, retrieve a new Bearer token.
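Added example, not part of the Creatio documentation: steps 2 and 3 as a Python client that sends the same three form fields to the token endpoint, caches the Bearer token until shortly before `expires_in` elapses, and retrieves a new token once when a request returns 401 Unauthorized. The injectable `send` transport, the 30-second renewal margin, and the constructed `make_fake_services` stand-in (tokens `tok-1`, `tok-2`, ...) are assumptions that let the code run offline.

```python
import json, time, urllib.parse

class OAuthClient:
    """Client-credentials token cache with a single retry on 401."""
    def __init__(self, token_url, client_id, client_secret, send, clock=time.monotonic):
        self.token_url, self.send, self.clock = token_url, send, clock
        # Same body the Postman steps build: x-www-form-urlencoded, three keys.
        self._form = urllib.parse.urlencode({
            "client_id": client_id, "client_secret": client_secret,
            "grant_type": "client_credentials"}).encode()
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self.send("POST", self.token_url,
            {"Content-Type": "application/x-www-form-urlencoded"}, self._form)
        if status != 200:
            raise RuntimeError(f"token request failed: HTTP {status}")
        data = json.loads(body)
        if data.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token_type")
        self._token = data["access_token"]
        # Renew 30 s early (assumed margin) so no request leaves with a dying token.
        self._expires_at = self.clock() + int(data.get("expires_in", 3600)) - 30

    def request(self, method, url, body=None):
        if self._token is None or self.clock() >= self._expires_at:
            self._fetch_token()
        for attempt in (1, 2):
            headers = {"Authorization": f"Bearer {self._token}"}
            status, resp = self.send(method, url, headers, body)
            if status != 401 or attempt == 2:
                return status, resp
            self._fetch_token()  # 401: token expired or revoked; renew once, retry

def make_fake_services():
    """Constructed offline stand-in for Identity Service and Creatio."""
    state = {"issued": 0, "revoked": set()}
    def send(method, url, headers, body):
        if url.endswith("/connect/token"):
            form = urllib.parse.parse_qs(body.decode())
            if form.get("grant_type") != ["client_credentials"]:
                return 400, b'{"error": "unsupported_grant_type"}'
            state["issued"] += 1
            return 200, json.dumps({"access_token": f"tok-{state['issued']}",
                "expires_in": 3600, "token_type": "Bearer"}).encode()
        token = headers.get("Authorization", "")[len("Bearer "):]
        ok = token == f"tok-{state['issued']}" and token not in state["revoked"]
        return (200, b'{"value": []}') if ok else (401, b"")
    return send, state
```

For real use, pass a `send` function that wraps your HTTP library over TLS and load `client_id` and `client_secret` from a secret store rather than source code. Keep the token and the secret out of logs.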
See also
Set up the Identity Service (user documentation)
Set up the OAuth 2.0 authorization (user documentation)