OAuth 2.0 for REST Calls in ITPAM
search cancel

OAuth 2.0 for REST Calls in ITPAM


Article ID: 214377


Updated On:


CA Process Automation Base


We have a requirement where we need to execute some REST calls with Authorization type as OAuth 2.0. How can this be done through ITPAM? 


Release : 4.3

Component : IT Process Automation


As with most Automation tools, there is usually more than one way to do something. This article will offer two methods. 

Per the OAuth2.0 Specification/RFC (RFC 6749), the client_id must be encoded using the application/x-www-form-urlencoded algorithm. 


This solution uses the HTTP Post Form. This is the recommended solution as it offers a way to more clearly read/track the key values as shown below - using the HTTP Post Form Information -> Form Fields. It should not require anything additional (for example, headers to specify Content-Type = application/x-www-form-urlencoded). 



It is possible to use the HTTP Post operator. However, it involves a little more effort than using the HTTP Post Form. To use the HTTP Post operator you will need to:

  1. Group together all of the form's key/values and separate them using an ampersand character and add this to the HTTP Post Information -> Content input field - as seen in figure 2 below. 
  2. Add the "Content-Type = application/x-www-form-urlencoded" HTTP Headers Information -> HTTP Headers table - as seen in figure 3 below.  


Figure 2



Figure 3

Additional Information

Once your operator is working successfully, one way to use the access_token returned in other operators is to setup the HTTP Post Form's post-execution script to capture the result and add it to a Process variable. For example:

var response=Process[OpName].HTTPResponseContent;
var token = JSON.parse(response);


Please see here for more information on Operator Dataset Variables

Please see here for more information on HTTP Post Form Operator


1665090713280__oauth_kb_screenshots.zip get_app