For secure access to the APIs, the Aruba Central API Framework plug-in supports the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. protocol for authentication and authorization. The access tokens provide temporary and secure access to the APIs. The access tokens have a limited lifetime for security reasons and the applications should use the refresh API to obtain new tokens periodically (every 2 hours).
The API call volume rate-limit is seven (7) calls per second, per customer.
The following figure illustrates the API gateway workflow for the users:
Important Points to Note
- The admin user has a tab which displays all the apps and tokens generated locally in the admin user profile. This tab also displays all the apps created in the non-admin user profiles. Clicking these apps lists out all the associated tokens created for the non-admin user profile.
- For users with limited group scope, the menu will appear in the left menu when you click the keywords like Groups or Sites in the context selector.
For more information, see the following topics: