For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Obtaining tokens

Every client interacting with push must provide a valid access token with the required scopes for making Push REST API calls. A simple example on how to obtain the token and use the push REST API is shown.


Overview

For mobile client applications, IBM MobileFirstâ„¢ Platform Foundation SDK orchestrates the OAuth flow so that the mobile push client application obtains a valid access token with the required scope.


Procedure

  1. You will have to POST a request to the URL http(s)://<host>:<port>/mfp/api/az/v1/token to get an access token.
  2. Before we can POST the request, you will need to set the scope parameters in the Body.

    For information on push scopes and the semantics that server applications can use as appropriate when obtaining a token, see Table 1.

    Figure 1. Setting the scope

    Setting the scope

  3. Now set the Authorization header by providing the confidential client credentials. For information on configuring a confidential client, see Confidential clients.

    Figure 2. Provide confidential client credentials for Basic Auth

    Provide confidential client credentials for Basic Auth

    Figure 3. Authorization header value set

    Authorization header value set

  4. Submit the POST request to get the access token.

    Figure 4. Invoking push REST API with access token

    Invoking push REST API with access token

    Access token is obtained and is set as value of the Authorization header in the subsequent push REST API invocation.

Parent topic: Security for push notification clients