Implementing Two-Way TLS

Mutual or 2-Way TLS is typically used when the user context is not present and a Client/Server application is registered through the SEI Integration Portal. Per SEI’s Information Security requirements, the SM service account is used to mint the Oauth token by using grant_type = client_credentials and implemented with IP whitelisting.

API Basics

API Keys

API keys, also known as the AppKey and AppSecret, are a way to authenticate applications. Upon registering an application with SEI Developer Portal, a consumer key and secret pair is generated. This serves as an application identifier and is unique to each application registered with the Developer Portal. The key/secret must be encoded base 64 to be utilized to obtain an OAuth Token.

How to Revoke an OAuth or Refresh Token

Revokes the specified oauth2 access token or refresh token, as well as the associated access/refresh token.

How to Call an OAuth Token

Request Parameters

How to Authorize an API

Upon successful client login, the authorize API will redirect with HTTP 302 to the redirect_url provided and set the state and access code in URL parameters.

Request Parameters

How to Create the OAuth and Refresh Token

Request Parameters

Parameters can either be in the query string or x-www-urlencoded-form.

How to Test

1. Use your preferred tool to test. We use the tool Postman.

2. Download the collection for your registered application.

3. If you have not yet imported the environments,

   1. Click on the settings button in the right hand corner of Postman.

   2. Click on the Import button on the “Manage Environments” page

   3. Open each environment and fill in the respective variables: AppKey, AppSecret, Username, Password