API Settings

API settings in Login 3.0 define how APIs are configured, secured, and accessed by authorized applications. These settings include token lifetimes, role-based access control (RBAC), and permissions. All API settings are managed in collaboration with the UPBOND team.


Steps to Configure API Settings

  1. Contact the UPBOND Team:

    Provide the following information:

    • API name or identifier.

    • Specific settings you wish to configure, such as token expiration or RBAC policies.

  2. Configuration by UPBOND:

    The UPBOND team will:

    • Update the requested API settings.

    • Ensure the configuration aligns with your application’s requirements.

  3. Validate Settings:

    Test the API to confirm that the updated settings are functioning as expected.


Token Settings

  • Maximum Access Token Lifetime:

    Default: 24 hours (86400 seconds). Maximum: 30 days (2592000 seconds).

    Define how long access tokens remain valid.

  • JWT Profile:

    Choose between Login 3.0 and RFC 9068 for token formatting.

  • JWT Signing Algorithm:

    Recommended: RS256 for enhanced security.

    Tokens are signed with the tenant’s private key and verified with the public key.

  • JWE (JSON Web Encryption):

    Encrypt access tokens to add an extra layer of security.
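
One way to carry out the "Validate Settings" step for the token settings above, as an added example that is not part of the Login 3.0 documentation or UPBOND's code: it inspects an issued access token's header and claims against the requested lifetime, signing algorithm and JWT profile. It assumes a compact-serialized JWT that carries `iat` and `exp`; `check_access_token` and `make_sample` are hypothetical names, the sample token is constructed, and the signature is not verified here.

```python
import base64
import json
import time
DEFAULT_MAX_LIFETIME = 86400  # default maximum access token lifetime (seconds)
RFC9068_CLAIMS = {"iss", "exp", "aud", "sub", "client_id", "iat", "jti"}

def _b64url_decode(segment):  # JWT segments drop base64 padding; restore it
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_access_token(token, max_lifetime=DEFAULT_MAX_LIFETIME,
                       expect_alg="RS256", rfc9068=False, now=None):
    """Return findings (empty list = matches settings). Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) == 5:  # compact JWE: claims are unreadable without the key
        return ["token is JWE-encrypted; decrypt it before checking claims"]
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    try:
        header, claims = (json.loads(_b64url_decode(p)) for p in parts[:2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    findings = []
    if header.get("alg") != expect_alg:
        findings.append(f"alg is {header.get('alg')!r}, expected {expect_alg!r}")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not all(isinstance(v, (int, float)) for v in (exp, iat)):
        findings.append("exp and iat must both be numeric")
    else:
        if exp - iat > max_lifetime:
            findings.append(f"lifetime {exp - iat}s exceeds {max_lifetime}s")
        if exp <= (time.time() if now is None else now):
            findings.append("token is already expired")
    if rfc9068:  # RFC 9068 profile: at+jwt media type and a fixed set of claims
        if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
            findings.append("typ header is not at+jwt")
        missing = sorted(RFC9068_CLAIMS - claims.keys())
        if missing:
            findings.append("missing RFC 9068 claims: " + ", ".join(missing))
    return findings

def make_sample(header, claims):  # constructed, unsigned token for offline runs
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"  # "c2ln" is a placeholder signature

if __name__ == "__main__":  # constructed sample: 24 h lifetime, RS256, partial claims
    sample = make_sample({"alg": "RS256", "typ": "at+jwt"}, {"iat": 1700000000, "exp": 1700086400})
    print(check_access_token(sample, rfc9068=True, now=1700000100))
```

Pass the lifetime you asked UPBOND to configure as `max_lifetime`; before trusting any token in production, verify its signature against the tenant's public key with a maintained JWT library.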


Access Settings

  • Allow Offline Access:

    Allow applications to request refresh tokens for long-lived access.


Machine-to-Machine Applications

Authorize machine-to-machine applications to access the API. Provide the UPBOND team with a list of applications requiring access and the desired scopes.


Testing APIs

Login 3.0 automatically creates a test application for API testing. For additional testing configurations, ask the UPBOND team to set up machine-to-machine applications tailored to your requirements.
