User Authorization • Token Lifecycle • Client Management
The OAuth 2.0 APIs provide a standards-based way to authenticate users, issue and refresh access tokens, and manage OAuth client applications. These APIs implement the OAuth 2.0 Authorization Framework (RFC 6749) and support secure delegated access to Alation’s public APIs.
Features
- User-initiated Authorization Code flow.
- Secure access and refresh token lifecycle.
- Admin endpoints for client registration, updates, deletion and secret rotation.
- Supports public & confidential client types.
API Categories
1. OAuth Authorization
GET /oauth/v1/authorize
Initiates the OAuth Authorization Code flow. Redirects the authenticated user with an authorization code.
2. OAuth Token Management
POST /oauth/v1/token
Obtains access and refresh tokens via authorization_code or refresh_token grants.
3. OAuth Client Administration
(Applicable for Server Admins only) Manages OAuth clients.
POST /integration/core/v1/oauth/clients
Registers a public or confidential client.
PATCH /integration/core/v1/oauth/clients/{client_id}
Updates client settings.
DELETE /integration/core/v1/oauth/clients/{client_id}
Deletes a client.
POST /integration/core/v1/oauth/clients/{client_id}/rotate-secret
Rotates a client secret.
Authentication
Client authentication
- HTTP Basic (client_id + client_secret)
- OR using body parameters
Admin authentication
Bearer token required for admin routes.
Supported Grant Types
| Grant Type | Purpose |
|---|---|
| authorization_code | User login and consent |
| refresh_token | Renew access tokens |
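The following is an added example, not Alation's own code. It sketches a client for the Authorization Code flow against the two endpoints above: it builds the authorize URL, checks the callback, and prepares the token request with either HTTP Basic or body-parameter client authentication. The host and helper names are placeholders, and the parameter names are the standard RFC 6749 ones, assumed here because this page does not list the endpoints' parameters.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote_plus, urlencode, urlparse

BASE_URL = "https://alation.example.com"  # placeholder host (assumption)

def build_authorize_url(client_id, redirect_uri):
    """Return (url, state) for GET /oauth/v1/authorize."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{BASE_URL}/oauth/v1/authorize?{query}", state

def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting forged or failed callbacks."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def build_token_request(grant_type, client_id, client_secret=None,
                        use_basic=True, **grant_fields):
    """Return (url, headers, body) for POST /oauth/v1/token, not yet sent."""
    if grant_type not in ("authorization_code", "refresh_token"):
        raise ValueError("unsupported grant type: " + grant_type)
    body = {"grant_type": grant_type, **grant_fields}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None and use_basic:
        # RFC 6749 section 2.3.1: form-encode both values, then Base64 the pair
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        body["client_id"] = client_id  # public client, or credentials in the body
        if client_secret is not None:
            body["client_secret"] = client_secret
    return f"{BASE_URL}/oauth/v1/token", headers, urlencode(body)
```

Keeping the secret in the Authorization header rather than the form body keeps it out of request-body logs; a public client has no secret and sends only its client_id.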
Availability
Available only for Alation Cloud Service customers on cloud‑native architecture.
References
- OAuth 2.0 Standard — RFC 6749
- Alation Developer Documentation