Introduction
When building a server-side app that securely stores secrets, use the following procedures to set up your authorization. This tutorial is based on the OAuth workflow, diagram, and steps described in the service app authorization documentation.
Register your application
The first step for authorizing your service app is to register your application.
- If you have not created an application, open the My Apps page under your Profile menu, and click the Register New button. In this case, the application type is Service.
- Make sure to save the
client_id
and theclient_secret
supplied when you create your application.
Obtain an access token
Once you have your app registered, you can obtain an access token by following these steps:
-
Send a request to the authorization server endpoint.
POSThttps://ims.bentley.com/connect/token
Below is an example request along with required parameters. You can obtain the client_id and redirect_uri from your app registration on My Apps. If you didn’t save your client_secret, generate a new one from the same app registration.
- Your application can now use the access token returned by the token endpoint to access APIs.
Use your token
If you received a 200 OK
response to your token request, you have successfully obtained a token. You can use this token to call various iTwin Platform APIs. You can try making an API call to users/me
endpoint to test your token. On success, this request returns the profile information for the user account associated with the token received.
Remember, the iTwin Platform Base URI is api.bentley.com
.
Client
If you're developing a service application and need to handle service authentication, you can utilize a TypeScript client specifically designed for this workflow. This client is available in the iTwin auth-clients repository and can be easily integrated into your project via the npm package @itwin/service-authorization.