Make the Authorization Request

ManageEngineAppCreator uses the authorization code grant type. A client application will therefore require an authorization code to get an access token. Generating this code differs based on the client type:

Generating the authorization code is a one-time process provided you generate the access and refresh tokens before it expires.

To generate authorization code for a server-based client application

A web server-based client application is one that is used by multiple users and requires user intervention during authorization. To generate the authorization code for this type of client, you must use redirection-based code generation. The authorization flow is as follows:

  1. The client makes an authorization request to the resource owner by accessing the URL:
    https://appcreatordemo.manageengine.com/iam/oauth/v2/auth?response_type=code&client_id=<client_id>&scope=<scope>&redirect_uri=<redirect_uri>&access_type=offline
    where,
    ParameterTypeDescription
    client_idmandatoryThe client ID that was generated when you registered the client application.
    scopemandatoryThe ManageEngineAppCreator scope that you want to access.
    redirect_urimandatoryOne of the authorized redirect URIs that you associated while registering the client application.
    access_typeoptionalIts value can be offline or online. When you set it as offline, you will receive a refresh token along with an access token only the first time you make this request.
    promptoptionalIts value must be consent. Including this parameter will make the requesting user's consent mandatory whenever they request an access token (using their refresh token).

  2. Upon clicking Accept the request will be approved and the user will be redirected back to the URI of the client application (that was specified in the previous step) with keys in the query string. For example:
    https://www.zylker.com/callback?code=1000.xxxxxxxxe1a88.xxxxxxxx40a3&location=us&accounts-server=https%3A%2F%2Faccounts.manageegine.com
    Key in responseDescription
    codeThis will contain the short-lived grant token that will be required to generate the access and refresh tokens.
    locationThis will contain the domain location of the requesting user.
    accounts-serverThis is the ManageEngine Accounts URL where the access and refresh token can be generated for the requesting user.
    Note
    • The authorization code will be valid for 1 minute
    • If the user rejects the authorization request, they'll be redirected to the URI of the client application (that was specified in the previous step) with error=access_denied in the query string

To generate authorization code for a self client

A self client is an application that does not have a domain and a redirect URI. You can also identify a standalone server-side application performing a back-end job as a self-client.

  1. Go to host:port/iam/developerconsole and register a self-client.

  2. Navigate to the Generate Code tab.
  3. Enter the required scopes, comma-separated.
  4. Select the time duration for which you want the authorization code to be valid.
  5. (Optional) Enter the scope description.
  6. Click CREATE.

    The authorization code will be generated and displayed in a pop-up: