OAuth Client Manager
NetworkBrain supports Open API access through the OAuth 2.0 protocol. OAuth clients are managed on the System Management page > Open API > OAuth Client Manager tab. You can also configure advanced settings for Open API here.
Add an OAuth Client
Follow the steps below to add an OAuth Client.
- Go to System Management > Open API > OAuth Client Manager.
- Click Add OAuth Client, then define the following settings in the Add OAuth Client window.
- In the Name field, give the client a name.
- Token Expiration Time: Select the token expiration time.
- Authentication Method: Select Header, Body, or Auto to decide whether authentication is carried out using the header, the body, or automatically.
- Client Secret Expiration Time: Define the period within which the secret is valid. The secret will become invalid after this period, and you need to reset the client secret.
- Run as User: Click Select in this field, then the Run as User dialog will pop up. In this dialog, select a user associated with the current client ID, then the OAuth Client will run with the same privilege as the selected user.
- Click Save in the Add OAuth Client window. An information dialog will appear with the client secret information. Users are prompted to keep the Client ID and Client Secret information.
- View the added OAuth Client. A new OAuth Client will be added as an entry in the Open API table.
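The Header and Body choices of the Authentication Method setting can be illustrated from the client side. The following is an added example, not NetworkBrain's own code: it assumes the two options correspond to the two client-authentication styles of RFC 6749 section 2.3.1, uses a hypothetical token endpoint URL and constructed credentials, and refuses non-HTTPS endpoints in line with the HTTPS Only recommendation in the advanced settings.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request

# Hypothetical endpoint: the page does not give the token URL.
TOKEN_URL = "https://networkbrain.example/oauth/token"
# Constructed sample credentials, chosen to contain characters that need encoding.
CLIENT_ID = "sample-client-id"
CLIENT_SECRET = "s3cr:et/with+symbols"


def build_token_request(token_url, client_id, client_secret, method="header"):
    """Build (but do not send) a client_credentials token request."""
    # Refuse plain HTTP so the client secret never travels in cleartext.
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")

    form = {"grant_type": "client_credentials"}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if method == "header":
        # RFC 6749 section 2.3.1: form-encode each value, join with ':',
        # then base64 the pair for the HTTP Basic Authorization header.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        encoded = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {encoded}"
    elif method == "body":
        # Credentials travel as form fields in the POST body instead.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError("method must be 'header' or 'body'")

    return Request(token_url, data=urlencode(form).encode("ascii"),
                   headers=headers, method="POST")


if __name__ == "__main__":
    for style in ("header", "body"):
        req = build_token_request(TOKEN_URL, CLIENT_ID, CLIENT_SECRET, style)
        # Report only where the secret is carried, never the secret itself.
        print(style, "Authorization header set:", req.has_header("Authorization"),
              "| body fields:", sorted(k.split("=")[0] for k in req.data.decode().split("&")))
```

With Body authentication the secret is part of the request payload, so any proxy or gateway that logs request bodies will record it; Header authentication keeps it out of the body.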
Delete an OAuth Client
Follow the steps below to delete an OAuth Client.
- Go to System Management > Open API > OAuth Client Manager.
- Select a target entry from the table, then click Delete from the right-click menu of the entry.
- In the pop-up confirmation dialog, click Yes to delete the OAuth client.
Reset Client Secret
The Client Secret can be reset. When it is reset, the previous Client Secret becomes invalid and a new Client Secret is generated.
- From the dropdown menu of the target OAuth Client, click Regenerate Client Secret.
- In the pop-up confirmation dialog, click Yes.
- The new Client Secret is generated, and you are prompted to save the new client secret.
Advanced Settings of Open API
Open API must be configured correctly before it can be used. These configurations are made in Open API Settings.
- Click the icon in the OAuth Client Manager page.
- In the pop-up window, you can do the following:
- Authentication Method: Three authentication methods are available, and you can select one or more of the authentication methods. The authentication method can influence the use of Open API.
- OAuth 2.0: This is the recommended option.
- Token User (Legacy): If this option is not selected, the existing token user will be disabled. Make sure you do not have token users if you choose not to enable this. It is recommended to disable this function and access the Open API with the OAuth 2.0 protocol. However, you can enable token user here and set the token expiration time to continue with token authentication.
- Username/Password(Legacy): This option is selected by default.
- Allow API Access via Protocol: If you upgrade to this version, your original choice is kept. It is strongly recommended to enable HTTPS Only. Using HTTP may cause data leakage and system risk.
- API Permission for User: By default, the "API Permission for User" option is disabled, allowing all users to access all APIs. When this option is enabled, users with corresponding privilege can define API groups to manage and assign API access permissions to specific users.
- Click Save to save the settings.
Note: If the Enable OAuth Server over checkbox is unchecked, all the OAuth client_credentials are disabled, and all the client secrets will become invalid.
Important: The Token User authentication method is significantly less secure than using NetworkBrain's Open API with the industry-standard OAuth 2.0. Some third-party API servers have not yet migrated to the industry standard and require a single-step authentication method. To maintain backward compatibility, NetworkBrain continues to support these types of tokens. It is strongly recommended not to use tokens for scripting, and to migrate to OAuth 2.0 via the Open API as soon as possible to address the security concerns with tokens for API server integration.
To revoke a token user account, disable token user authentication as described in the section above, or set the expiration date for the user account when it is added in the System Management > User Accounts tab.
The NetworkBrain Open API specification can be downloaded, and users can then import the file into an API Gateway to use NetworkBrain's RESTful API.
- Go to System Management > Open API.
- Click Download Open API Specification, and the Download Open API Specification dialog will appear.
- In the Download Open API Specification dialog, define the following:
- Select an API version. By default, the latest API version is selected.
- Select a format. The open API can be exported to JSON or YAML format.
- Click Download.