Client Apps

Client apps are used to integrate 3rd party applications with the Digital Enterprise Suite. A Client App can the various REST APIs to make authenticated requests on behalf of the user that generated the access token.

The Digital Enterprise Suite does not currently support apps authorization (eg. Client Credentials flow) and require an access code flow (standard or PKCE) with a user authorization.

It is possible to edit ( ), delete ( ) or manually generate a token ( ) for an app.

When generating a token for a client app manually ( ), it is possible to specify the expiration of the bearer token.

The certificate URL can be accessed by a non admin user to generate a bearer token using a non administrator account.

Attributes

App id

Also referred to as the Client ID, this uniquely identifies the application and is immutable after the app creation.

Secret

Also referred to as the Client Secret, this is used to signed bearer tokens. Changing this value invalidates all existing tokens.

Name

A user defined name for the app

Description

A user defined description for the app

Redirect URI

Optional redirect URI for the access code OAUTH 2 flow. If unspecified, the redirect URI will not be validated.

Grant

List of access scopes granted to tokens of generated for this app.

Scopes

Grant Scope Description

Repository read

repo_r

Read modeling places.

Repository write

repo_w

Write, deleted, rename and create models in modeling places.

Service execution

service_x

Deprecated scope that was used to transform model types.

Group read

group_r

Read groups.

Group write

group_w

Write, delete, rename and invite to groups.

Graph read

graph_r

Use the SPARQL API on the Digital Enterprise Graph.

Users read

users_r

Read users.

Users write

users_w

Write and delete users.

Admin

admin

The admin API is not documented for customers and this scope should not be used.

Exec. env. read

mvn_r

Query the execution environments and their content.

Exec. env. write

mvn_w

Publish and delete services in execution environments.

Exec. env. download

mvn_d

Download services from execution environments.

Emitter read

emitter_r

Read emitter configuration and audit log files

Emitter write

emitter_w

Write emitter configuration

BPMN execution

bpmn_x

Access the workflow automation API.

CMMN execution

cmmn_x

Access the case automation API.

DMN execution

dmn_x

Access the decision automation API.

Docker Read

docker_r

Download containers build locally.

Assets write

asset_w

Write to the static assets resource.

OpenID

openid

Can be used by Digital Distributed Containers to obtain an Open ID token identity.

OAuth 2 Endpoints

The Authorization and Token endpoints are available in the bottom section of the page.

At this time, we do not support refresh tokens and tokens are issued without expiration.