API Management versions 7.5.X and 7.6.X have reached end of support in November 2020.
Check out the latest version of the documentation.

Set up API Gateway as an OAuth 2.0 server

Note   If you have installed API Manager, the OAuth server capabilities are already installed. You can skip this section.

To set up API Gateway as an OAuth authorization server and OAuth resource server, you must deploy the OAuth services as detailed in Deploy the OAuth service.

The API Gateway provides the following endpoints used to manage OAuth 2.0 client applications:

Description URL

Authorization Endpoint (REST API)


Token Endpoint (REST API)


Token Info Endpoint (REST API)


Revoke Endpoint (REST API)


Client Application Registry (HTML Interface)


Client Application Registry (REST API)


In this table, HOST refers to the machine on which API Gateway is installed.

Note   To enable these endpoints, you must first enable the OAuth listener port in the API Gateway. For more details, see Enable OAuth endpoints.

Enable OAuth endpoints

To enable the OAuth management endpoints on your API Gateway, perform the following steps:

  1. In the Policy Studio tree, select Environment Configuration > Listeners > API Gateway > OAuth 2.0 Services > Ports.
  2. Right-click the OAuth 2.0 Interface  in the panel on the right, and select Edit.
  3. Select Enable Interface  in the dialog.
  4. Click the Deploy  button in the toolbar.
  5. Enter a description and click Finish.
Note   On Linux-based systems, such as Oracle Enterprise Linux, you must open the firewall to allow external access to port 8089. If you need to change the port number, set the value of the env.PORT.OAUTH2.SERVICES environment variable. For details on setting external environment variables for API Gateway instances, see the API Gateway DevOps Deployment Guide.

Related Links