Setting up an OAuth 2.0 client registration

Configure an OAuth 2.0 client registration data instance to allow an external application or mobile native application to access Pega Platform REST services over HTTPS.

Pega Platform can act as both an OAuth 2.0 provider and an OAuth 2.0 client when you use the client credentials grant type. In this grant type, a Pega application can get an access token for its own account, unrelated to a specific user.

To use OAuth 2.0 to protect your REST services, select OAuth 2.0 as the Authentication type in the service package to which the REST services belong. For more information, see Service Package form - Completing the Context tab.

Note: Pega Platform does not support the optional scope parameter that is a part of the OAuth 2.0 specification for endpoints other than Userinfo. The default access group for the OAuth 2.0 operator is the default scope.