OAuth 2.0 client registrations

The OAuth 2.0 protocol allows native mobile applications and external applications such as Twitter, Facebook, and Google to communicate securely with Pega Platform over HTTPS. You define OAuth 2.0 client registration data instances to allow external applications to access Pega Platform REST services by using access tokens.

An OAuth 2.0 client data instance represents an external application that requests access to Pega Platform. When Pega Platform and the client use OAuth 2.0, they negotiate a token that allows the client to access Pega Platform for a defined period.

The grant types supported by Pega Platform OAuth 2.0 clients are authorization code, client credentials, password credentials, Security Assertion Markup Language (SAML) bearer assertion, and JSON Web Tokens (JWT) bearer assertion. You can use these grant types alone or in combination with each other.

Note: Use OAuth 2.0 to protect REST services whose consumer is an application rather than an individual user. For example, if an insurance company wants to create new claims adjustment cases, the insurance application can make Pega API REST calls to create the cases. If the Pega API REST services are protected by OAuth 2.0, the client application developer registers the client and uses an access token to make Pega API REST calls. Pega Platform authorizes the application by using the operator ID that is associated with the client during registration, not the operator ID that is associated with the developer.
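As an added illustration of the grant types listed above and of the access-token call described in the note (example code, not Pega's own client library), the following builds a standards-conformant token request for each grant and the Bearer header for the subsequent REST call. The grant_type identifiers and required parameters come from RFC 6749, 7522 and 7523; the client ID, secret and parameter values are constructed placeholders, and the Pega token endpoint URL is assumed to be configured separately.

```python
"""Build OAuth 2.0 token requests for the grant types a Pega client can register."""
import base64
from urllib.parse import urlencode

# Wire-level grant_type values defined by RFC 6749 (core), 7522 (SAML) and 7523 (JWT).
GRANT_TYPES = {
    "authorization_code": "authorization_code",
    "client_credentials": "client_credentials",
    "password": "password",
    "saml_bearer": "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "jwt_bearer": "urn:ietf:params:oauth:grant-type:jwt-bearer",
}

# Body parameters each grant must carry in addition to grant_type.
REQUIRED = {
    "authorization_code": ("code", "redirect_uri"),
    "client_credentials": (),
    "password": ("username", "password"),
    "saml_bearer": ("assertion",),
    "jwt_bearer": ("assertion",),
}


def basic_auth_header(client_id, client_secret):
    """HTTP Basic client authentication (RFC 6749 section 2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def build_token_request(grant, client_id, client_secret, **params):
    """Return (headers, urlencoded body) for a POST to the token endpoint.

    Raises ValueError for an unknown grant or a missing required parameter,
    so a misconfigured client fails before any credentials leave the host.
    """
    if grant not in GRANT_TYPES:
        raise ValueError(f"unsupported grant: {grant}")
    missing = [p for p in REQUIRED[grant] if p not in params]
    if missing:
        raise ValueError(f"{grant} requires {missing}")
    body = {"grant_type": GRANT_TYPES[grant], **params}
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(body)


def bearer_header(access_token):
    """Authorization header for the REST call made with the issued token (RFC 6750)."""
    return {"Authorization": f"Bearer {access_token}"}
```

Send the returned headers and body with HTTP POST to the registered client's token endpoint over HTTPS only; the secret must never travel over plain HTTP.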