Skip to main content
MindTouch Success Center

Get an OAuth API Token

Applies to:
All MindTouch Versions
Role required:
Admin

MindTouch support for OAuth 2.0 authorization flows is experimental and under development. OAuth API Tokens are presently not covered under MindTouch support plans.

Generate OAuth API Tokens to integrate MindTouch users with your server or backend application.

Working with OAuth API Tokens Using the API

As OAuth API Tokens and authorization flows are under development, the Integrations dashboard does not provide an option for generating OAuth API Tokens. However, for testing and exploration purposes, an OAuth API Token can be created by a technical user, with an administrator role, using the MindTouch API itself.

Locate the MindTouch Auth Token

After signing into the MindTouch site as an administrator, locate and copy the value of the authtoken HTTP Cookie in your web browser's cookie store or developer tools. This authtoken can be used as a temporary bearer token HTTP header in order to create an OAuth API Token with the MindTouch API.

Do not treat bearer tokens in a cavalier manner: secure them as if they were keys to a bank vault.

Create an OAuth API Token

Request

$ curl --request POST --header 'Authorization: Bearer {authtoken}' --data {body} https://{hostname}/@api/site/developer-tokens
 <developer-token type="oauth">
    <name>{name}</name>
    <host>{host}</host>
</developer-token>
Parameters

The parameters that are required or accepted by the API Token creation endpoint

Name Type Description
{hostname} string The MindTouch site hostname
{authtoken} string The MindTouch Auth Token
{body} application/xml; charset=utf-8 The payload describing the OAuth API Token to generate
{name} string The integrated application name or description
{host} string? (optional, required for Authorization Code Flow) The web application hostname(s) (NOTE: This field enforces the same requirements as Browser API Token hostnames)

Response

The response body is in application/xml; charset=utf-8 format

<developer-token id="{id}" type="{type}" date="{date}" href="https://{hostname}/@api/deki/site/developer-tokens/{id}">
    <key>{key}</key>
    <name>{name}</name>
    <host>{host}</host>
</developer-token>
Name Type Description
{hostname} string The MindTouch site hostname
{id} int The token numeric id
{type} {browser, oauth, server} The token type
{date} datetime ISO 8601 representation of the token's creation timestamp
{key} string The token unique public key
{name} string The token name
{host} (optional) string?

Delete an OAuth API Token

Request

curl --request DELETE --header 'Authorization: Bearer {authtoken}' https://{hostname}/@api/site/developer-tokens/{id}
Parameters

The parameters that are required or accepted by the API Token deletion endpoint

Name Type Description
{hostname} string The MindTouch site hostname
{authtoken} string The MindTouch Auth Token
{id} string The OAuth API Token numeric id

Response

The response body is empty and the response status code is HTTP 200 if the OAuth API Token deletion was successful

  • Was this article helpful?