Client Apps
Client apps are used to integrate 3rd party applications with the Digital Enterprise Suite. A Client App can the various REST APIs to make authenticated requests on behalf of the user that generated the access token.
The Digital Enterprise Suite does not currently support apps authorization (eg. Client Credentials flow) and require an access code flow (standard or PKCE) with a user authorization.
It is possible to edit ( ), delete ( ) or manually generate a token ( ) for an app.
When generating a token for a client app manually ( ), it is possible to specify the expiration of the bearer token.
| The certificate URL can be accessed by a non admin user to generate a bearer token using a non administrator account. |
Attributes
App id |
Also referred to as the Client ID, this uniquely identifies the application and is immutable after the app creation. |
Secret |
Also referred to as the Client Secret, this is used to signed bearer tokens. Changing this value invalidates all existing tokens. |
Name |
A user defined name for the app |
Description |
A user defined description for the app |
Redirect URI |
Optional redirect URI for the access code OAUTH 2 flow. If unspecified, the redirect URI will not be validated. |
Grant |
List of access scopes granted to tokens of generated for this app. |
Scopes
| Grant | Scope | Description |
|---|---|---|
Repository read |
repo_r |
Read modeling places. |
Repository write |
repo_w |
Write, deleted, rename and create models in modeling places. |
Service execution |
service_x |
Deprecated scope that was used to transform model types. |
Group read |
group_r |
Read groups. |
Group write |
group_w |
Write, delete, rename and invite to groups. |
Graph read |
graph_r |
Use the SPARQL API on the Digital Enterprise Graph. |
Users read |
users_r |
Read users. |
Users write |
users_w |
Write and delete users. |
Admin |
admin |
The admin API is not documented for customers and this scope should not be used. |
Exec. env. read |
mvn_r |
Query the execution environments and their content. |
Exec. env. write |
mvn_w |
Publish and delete services in execution environments. |
Exec. env. download |
mvn_d |
Download services from execution environments. |
Emitter read |
emitter_r |
Read emitter configuration and audit log files |
Emitter write |
emitter_w |
Write emitter configuration |
BPMN execution |
bpmn_x |
Access the workflow automation API. |
CMMN execution |
cmmn_x |
Access the case automation API. |
DMN execution |
dmn_x |
Access the decision automation API. |
Docker Read |
docker_r |
Download containers build locally. |
Assets write |
asset_w |
Write to the static assets resource. |
OpenID |
openid |
Can be used by Digital Distributed Containers to obtain an Open ID token identity. |