
Setting up an API Client (M2M)


Last updated 1 year ago

The video above does not yet take the new "rules" concept into account; scopes are now configured using rules, as instructed below. We'll update it soon.

In this section you will learn how to set up an API Client for machine-to-machine communication. Let's assume you want to build your own Quasr Tenant Administration to manage users, clients, factors, etc., or need to connect your own tools, such as your CRM software, Unified Communications System, or the like, with Quasr.

It is also used when you want to configure your Quasr tenant automatically as part of your DevOps process.

So let's get started:

  • In the Tenant Admin UI, select "Accounts"

  • Click "New Account"

  • Select "Client" as Account Type.

  • Enter a meaningful label, for example "API Client"

  • Leave the status at its default ("Enabled")

  • Leave the "External" checkbox unchecked

  • Switch to the "Permissions" tab

    • Permissions: select "Admin Access"

  • Switch to the "OAuth 2.0" tab

    • Allowed Grant Types: select "Client Credentials"

    • Access Token Expiration: (optional) adjust the expiration to your needs. By default it is set to 1 day; the maximum possible expiration is 30 days.

    • Client Authentication: select "Client Secret"

    • Client Secret Factor: select the only available option, the Secret factor

  • Save & Exit

If you don't see Secret as an available factor to choose from, go back to "Factors" and check whether the Secret factor is enabled.

After the client settings are saved, you will see a dialog showing the client secret and a sample cURL command to retrieve an access token for this client. Note that the client secret is shown in the clear only once and never again. Make sure to store it securely; if you lose it, you will need to re-create it.

Copy & paste the cURL command into a terminal. Note the empty scope parameter; if you execute the command it will fail as an empty string is not allowed. We must first configure allowed scopes for the client through rules.

Once the client is created, go to its details by clicking the edit icon, and go to the Rules tab. Click New Rule and select the 'Admin Access' control.

Once completed, you can execute the previous command, but make sure to pass the desired scope name instead of the empty string, in this case https://api.quasr.io/scopes/admin.
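The token request described above, as an added example that is not Quasr's own sample command: it rejects the empty scope locally and passes the client secret to curl on stdin instead of on the command line. The variable names QUASR_TOKEN_URL, QUASR_CLIENT_ID and QUASR_CLIENT_SECRET are hypothetical, the token URL must be taken from the cURL command in the client secret dialog, and sending the credentials as form parameters is an assumption.

```shell
#!/bin/sh
# Added example; the QUASR_* variable names are hypothetical. Take the real
# token URL from the cURL command shown in the client secret dialog.

# Percent-encode every character outside the RFC 3986 unreserved set (ASCII input).
urlencode() {
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first character
    c=${s%"$rest"}       # the first character itself
    s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Build the client-credentials form body: <client id> <client secret> <scope>.
# An empty scope is refused here, before any request is sent.
build_token_body() {
  [ -n "$1" ] && [ -n "$2" ] || { echo "client id and secret are required" >&2; return 2; }
  [ -n "$3" ] || { echo "scope must not be empty; configure a rule first" >&2; return 3; }
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&scope=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Request an access token for the scope given as $1. The function body runs in
# a subshell, so the secret-bearing variable does not outlive the call, and the
# form body reaches curl on stdin rather than in its argument list.
request_token() (
  [ -n "$QUASR_TOKEN_URL" ] || { echo "set QUASR_TOKEN_URL" >&2; exit 2; }
  body=$(build_token_body "$QUASR_CLIENT_ID" "$QUASR_CLIENT_SECRET" "$1") || exit
  printf '%s' "$body" |
    curl --silent --show-error --fail --data-binary @- "$QUASR_TOKEN_URL"
)

# Usage, with the three QUASR_* variables exported:
#   request_token 'https://api.quasr.io/scopes/admin'
```

Load the secret into the environment from a secrets manager or a file readable only by the service user, not by typing it at an interactive prompt where it lands in shell history.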

This is where machine clients come into play, which we also consider an "account". These machine clients will need an Access Token with a specific scope https://api.quasr.io/scopes/admin in order to communicate with the Quasr Admin API.

Setting up an API Client for Machine-to-Machine (M2M) in the Quasr Tenant Admin UI.
Creating a new account under Accounts in the Quasr Tenant Admin UI.
Client settings during account creation in the Quasr Tenant Admin UI.
Permissions during account creation in the Quasr Tenant Admin UI.
OAuth 2.0 settings during account creation in the Quasr Tenant Admin UI.
Client secret dialog upon new client secret creation.
Rules after account creation in the Quasr Tenant Admin UI.
Rule creation in the Quasr Tenant Admin UI.
Terminal example using the CURL command provided in the client secret dialog.