Setting up an API Client for Machine-to-Machine (M2M) in the Quasr Tenant Admin UI.
The video above is not yet taking into account the new "rules" concept; please be mindful that scopes are now to be configured using rules as instructed below. We'll update it soon.
In this section you will learn how to setup an API Client for machine-to-machine communication. Let's assume you want to build your own Quasr Tenant Administration to manage users, clients, factors, etc., or need to connect your own tools such as your CRM software, Unified Communications System, or alike with Quasr.
It is also used when you want to configure your Quasr tenant automatically as part of your DevOps process.
This is where machine clients come into play, which we also consider an "account". These machine clients will need an Access Token with a specific scopehttps://api.quasr.io/scopes/admin in order to communicate with the Quasr Admin API.
So let's get started:
In the Tenant Admin UI, select "Accounts"
click "New Account"
Creating a new account under Accounts in the Quasr Tenant Admin UI.
Select "Client" as Account Type.
Enter a meaningful label, for example "API Client"
Leave the status to its default ("Enabled")
Leave the "External" checkbox unchecked
Switch to the "Permissions" tab
Permissions: select "Admin Access"
Switch to the "OAuth 2.0" tab
Allowed Grant Types: select "Client Credentials"
Access Token Expiration: (optional) adjust the expiration to your needs, by default it is set to 1 day, the maximum possible expiration is 30 days
Client Authentication: select "Client Secret"
Client Secret Factor: select the only available option, the Secret factor
Save & Exit
Client settings during account creation in the Quasr Tenant Admin UI.
Permissions during account creation in the Quasr Tenant Admin UI.
OAuth 2.0 settings during account creation in the Quasr Tenant Admin UI.
In case you don't see secret as an available factor to choose from go back to "Factors" and check whether the secret factor is enabled.
After the client settings are saved, you will see a dialog showing the client secret and a sample cURL command to retrieve an access token for this client. Note that you only see the client secret in the clear once and never again. Make sure to note it down securely, otherwise you would need to re-create it if you forget it.
Client secret dialog upon new client secret creation.
Copy & paste the cURL command into a terminal. Note the empty scope parameter; if you execute the command it will fail as an empty string is not allowed. We must first configure allowed scopes for the client through rules.
Once the client is created, go the details by clicking the edit icon, and go the Rules tab. Click New Rule and select the 'Admin Access' control.
Rules after account creation in the Quasr Tenant Admin UI.
Rule creation in the Quasr Tenant Admin UI.
Once completed you can now execute the previous command but make sure to add the desired scope name instead of the empty string, in this case https://api.quasr.io/scopes/admin.
Terminal example using the CURL command provided in the client secret dialog.
