Invalid Apikey when generating access token for Core Content App

KamelMsalmi
KamelMsalmi Member
edited August 27 in Services #1

I'm new to Opentext world and I'm trying to connect a SAP BTP application to Opentext in order to upload/download files.

To do I subscribed to trial Core Content app. Then in the Admin Center I created 2 clients services one for the tenant and another for the Core Content application.

Then I tried these apikeys using the API to generate a token but usually get 401 Unauthorized.

I followed this discussion But I don't have any action to reset tenant password.

I found a Reset tenant password in the user menu, but it changes the password used to connect to Core Content app and Admin center app which is different from the tenant password according to the same discussion

Could you please help,

Thank you and best regards

Tagged:

Answers

  • I also tested client_credentials flow with only client_id/client_secret and I tried both keys but still getting 401 Unauthorized

  • LazarescuA
    LazarescuA E Community Moderator

    Hello @KamelMsalmi ,

    Let me explain a bit the concepts behind API access and our SaaS apps.

    Core Content is a SaaS application that has 2 layers: the backend (which has all the REST API services to upload/download/manage documents and data) and the frontend (which allows you to embed and communicate with the UI portion).

    When you get a Core Content Subscription, you get access to the frontend part. In the admin center you can manage different users, groups, authentication, etc. Under the Integrations part, yes, you can define a new Service Client but that will allow you to get an access token for the UI integration, not for the backend services.

    To test it, you can use the following information in order to obtain the token with your current credentials:

    • URL: {{auth_url}}/otdstenant/{{tenant_id}}/oauth2/token
    • Body:
      • client_id: «your client_id»
      • client_secret: «your client_secret»
      • grant_type: password
      • username: «your user_name»
      • password: «your password»
      • client_data: subName=«your subscription_name»
      • scope: otds:roles otds:groups readwrite subscription:«your subscription_name»
    • Content-Type: x-www-form-urlencoded

    The auth_url will depend on which region you have created your Core Content account, if you post your URL that you are using to access the Core Content subscription, I can guide you further.

    Now, what you want actually, is to have access to the backend API. For that, you will need to start a Developer Cloud trial by going here https://developer.opentext.com/plans and creating a new Information Management Services Trial. Warning: you will be asked in which Region you want it created, the Region should be the same as your Core Content trial. The email address should be the same as the Core Content admin email address.

    After successfully creating the Developer Trial, the Admin center for it will look a bit different as you will now see a top level of an Organization. Which is above the "Tenant" level. You need to delete the default tenant that was created automatically and add a new tenant by clicking the "Add tenant" and then "Attach an Existing Tenant" button. Enter your Core Content tenant ID and then you will be guided through the process.

    Once you finish, click on the left menu on the App management > Apps and click the Add button to add a new application. Click on "Extend Existing App" and select your tenant from the list and the Core Content application from the dropdown. At the end of this process, you will have on the screen the generated Public Client ID and Confidential Client ID and Secret. Keep them in a safe place!

    At this point, you can use all the APIs described in the https://developer.opentext.com/services/apis API section and you should now be able to login using your client ID and client secret.

    I hope this is clear, if not, post here where you get stuck.

  • Great explanation. helped me too!

    Thanks

    Sander

  • Hello @LazarescuA,

    Thank you for your detailed answer!

    I followed these steps and get blocked at "Attach an Existing Tenant" button. Enter your Core Content tenant ID and then you will be guided through the process."

    it says :

    I guess it's because the 2 url are not in the same region:

    Admin (us): https://admin.us.opentext.com/organization/2f8804bf-48ad-4ec1-9fc6-3a3112b2653f/tenants

    Core Content Admin (na-1-dev) : https://admin.na-1-dev.opentext.com/tenants/3ef0ccf8-afa4-4336-ba6f-a0c4b43696cb

    Knowing that when I created the 2 trials I selected USA for both!

    Thank you for your help

    Kamel

  • LazarescuA
    LazarescuA E Community Moderator

    Hello @KamelMsalmi ,

    You are right, the 2 trials are in 2 different regions, one is in North America Build&Test (na-1-dev) and another is in the US zone. So they cannot access the data from one to another.

    Seems that trials to na-1-dev are no longer supported. I cannot help here, maybe @Roger K can help.

  • Roger K
    Roger K E Community Moderator

    Hi @KamelMsalmi

    The Core Content trials are currently in the older na-1-dev region and by default do not provide API access for developers.

    The Developer self-service trials now support choosing a region for your trial in us, au or ca - but the us region is not in the same data centre as the na-1-dev region even though both are in the United States.

    Your Core Content trial would have been provided to you via some concierge process and not through self-service. Therefore in order to have API access to your Core Content tenant and instance the trial account owner would have to request that via your OpenText account rep, that an Organization be created within the na-1-dev region in the same name/email as the Core Content tenant admin - and a Core Content Developer plan assigned to that Organization.

    Then you would be able to follow the steps outlined here: https://developer.opentext.com/services/developertools/developer-admin/documentation/saas-application-extension-developer-concepts-overview/1

    I hope that helps - if not, please come back to me.

    I also want to correct one thing @alex said above. The correct supported tenant token url is: <region>.api.opentext.com/tenants/<tenant_id>/oauth2/token. Whilst the /otdstenant/ variant works now it is not guaranteed to work in the future.