Gravitee integration: use cases and API calls

User login and exchange token

Obtain an access token using an identity provider (IdP) login, or via static auth fallback.

API calls

Exchange an IdP access token for a Gravitee token (if exchange flow is configured).

Note: the same OIDC provider must be configured for both the project SSO and Gravitee AM access.

POST /auth/oauth2/gravitee-am-oidc/_exchange?token=<accessToken>

Potential fallback

Static authentication based on configuration can be used as a fallback. The static auth details are read from the adapter config and are primarily intended for debugging.

developerOnboarding:
  auth:
    static: HARD_CODED_TOKEN

Get the list of user apps

Fetch a list of applications the user has access to within Gravitee.

API calls

Retrieve all user applications from Gravitee.

GET /applications?size=-1 

Get details about the specific app

Fetches detailed information about a single application in Gravitee.

API calls

1. Retrieve application details

GET /applications/{appId}

2. Retrieve the application subscriptions

Fetch the application's subscriptions (shared and exclusive key modes).

GET /applications/{appId}/subscriptions?applicationId={appId}&size=-1&statuses=ACCEPTED&statuses=PAUSED&statuses=PENDING

3. Retrieve subscription details

Fetch the subscription details to get subscription keys.

GET /subscriptions/{subscriptionId}?include=keys

Get the list of available APIs

Fetches available API products (potentially filtered, see Notes below).

GET /apis?size=-1

Create a new app

Create a new Gravitee application and subscribe it to specified API products.

API calls

1. Create an application

POST /applications

2. Fetch API plans

Retrieve available plans for each specified API product and select the plan to subscribe to. The plan with API_KEY security and AUTO validation is preferred.

GET /apis/{apiProductId}/plans?size=-1

3. Subscribe to plan

Subscribe the created application to the selected API products.

POST /subscriptions

Revoke app credential

Revoke an application credential in Gravitee.

API calls

The API call is based on the API key mode of the credential.

Revoke a shared mode credential.

POST /applications/{appId}/keys/{credentialId}/_revoke

Revoke an exclusive key mode credential.

POST /subscriptions/{subscriptionId}/keys/{credentialId}/_revoke

Roll app credential

Creates a new key for an application credential.

API calls

1. Fetch application details

GET /applications/{appId}

2. Create a new key

The call is based on the API key mode.

Create a new key for a shared mode credential.

POST /applications/{appId}/keys/_renew

Create a new key for an exclusive key mode credential.

POST /subscriptions/{subscriptionId}/keys/_renew

3. Retrieve the app credentials

Retrieve the app credentials and locate the renewed credential among them.

3.1 Fetch the application's subscriptions (shared and exclusive key modes).

GET /applications/{appId}/subscriptions?applicationId={appId}&size=-1&statuses=ACCEPTED&statuses=PAUSED&statuses=PENDING

3.2 Fetch the subscription details to get subscription keys.

GET /subscriptions/{subscriptionId}?include=keys
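The revoke and roll sections above both choose their endpoint from the API key mode. The following sketch is an added example, not the adapter's own code: it builds the revoke or renew call for either mode, percent-encodes identifiers so they cannot alter the path, and locates the renewed key after step 3.2. The mode values SHARED and EXCLUSIVE, the key fields id and revoked, and all function names are assumptions.

```python
from urllib.parse import quote

def seg(value):
    """Percent-encode an identifier so it cannot add path segments or query parameters."""
    return quote(str(value), safe="")

def key_call(mode, action, app_id=None, subscription_id=None, credential_id=None):
    """Return (method, path) for revoking or renewing a key in the given API key mode."""
    if mode == "SHARED":  # assumed value for shared mode
        if not app_id:
            raise ValueError("shared mode needs an application id")
        base = f"/applications/{seg(app_id)}/keys"
    elif mode == "EXCLUSIVE":  # assumed value for exclusive key mode
        if not subscription_id:
            raise ValueError("exclusive mode needs a subscription id")
        base = f"/subscriptions/{seg(subscription_id)}/keys"
    else:
        # Fail closed: guessing the mode could leave the real key active.
        raise ValueError(f"unsupported API key mode: {mode!r}")
    if action == "renew":
        return ("POST", f"{base}/_renew")
    if action == "revoke":
        if not credential_id:
            raise ValueError("revoke needs a credential id")
        return ("POST", f"{base}/{seg(credential_id)}/_revoke")
    raise ValueError(f"unsupported action: {action!r}")

def find_renewed_key(ids_before, keys_after):
    """Pick the one active key that was not present before the renew call."""
    fresh = [k for k in keys_after
             if k["id"] not in ids_before and not k.get("revoked")]
    if len(fresh) != 1:
        raise LookupError(f"expected exactly one new key, found {len(fresh)}")
    return fresh[0]

# Constructed sample data, not real Gravitee output (field names are assumed).
KEYS_AFTER = [
    {"id": "key-old", "revoked": False},
    {"id": "key-new", "revoked": False},
]

if __name__ == "__main__":
    print(key_call("SHARED", "renew", app_id="app-1"))
    print(key_call("EXCLUSIVE", "revoke", subscription_id="sub-1", credential_id="key-old"))
    print(find_renewed_key({"key-old"}, KEYS_AFTER)["id"])
```

find_renewed_key expects the caller to have recorded the key ids seen before the renew call, which the steps above do not list explicitly.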

Notes

API product filtering: the adapter allows restricting API product retrieval based on a catalog (catalogApiProducts).