You can configure the authorization between the client and the server using the authorization flow Authorization code with proof key to secure access. This involves creating a client secret relevant to register the authorization flow, and then re-using the client secret when exchanging the authorization code for an access token.
The following example shows the changes you must make to the server web.config file.
<intergraph.webApi>
<security>
<oauth issuer="https://auth.hexagonppm.com/sam/oauth" requiredScopes="" />
<cors allowedOrigins="*" allowedMethods="*" allowedHeaders="*" exposedHeaders="" allowCredentials="false" preflightMaxAge="600" />
</security>
<services baseUri="">
<service prefix="API/V2" id="CF188428-F90A-48E0-B788-A592197932DC" secret="E*re|;C+/Ax=/oNu/D5qpV+i].[QV-Bhr%J?+%O[R0DC^1bK^HNQN8emoyn;Lv@6" instance="" />
</services>
</intergraph.webApi>
-
The scope value must be set to empty so that the client can request all scopes.
-
The resource id value must be set to identify the API that is being used. This value can be found in the id attribute and client secret when registering the service in Smart API Manager. The id attribute value changes each time a different issuer is used.