OAuth 2.0 is an authorization protocol that defines specific authorization flows for web applications and helps secure the exchange of information between API consumers and web services. You can create an OAuth 2.0 authentication policy and assign it to APIs or operations that invoke a process that uses basic authentication.
API Center uses the client credentials grant type for OAuth 2.0 authentication. To enable OAuth 2.0 authentication, you must create an OAuth 2.0 client. When you create the client, you specify the credentials of an organization user with access to run the managed APIs and managed API groups that can use the client for authentication, and then generate the client credentials.
Client access tokens that you use for OAuth 2.0 authentication expire after a defined timeout period. After a token expires, you can't use it and must regenerate it. You set the timeout when you create the OAuth 2.0 client, and you can change it later.
You can now assign multiple managed APIs and managed API groups to a single OAuth 2.0 client. You can create a single OAuth 2.0 client to grant access to specific API sets, simplifying authorization control. Disabling or deleting an OAuth 2.0 client invalidates its authorization token, preventing unauthorized API access.
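The token lifecycle described above (client credentials grant, per-client timeout that can be changed later, and invalidation when a client is disabled or deleted), as an added in-memory model written for this page; it is not API Center's code, and the class and method names, the injected clock, and the assumption that a changed timeout applies only to tokens issued afterwards are all assumptions of the example.

```python
"""Model of API Center-style OAuth 2.0 client-credentials token lifecycle (added example)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class OAuthClient:
    client_id: str
    client_secret: str       # generated client credential handed to the API consumer
    timeout_seconds: int     # token lifetime set on the client; changeable later
    enabled: bool = True


@dataclass
class AuthServer:
    now: float               # injected clock so the example runs deterministically offline
    clients: dict = field(default_factory=dict)
    tokens: dict = field(default_factory=dict)   # token -> (client_id, expires_at)

    def create_client(self, client_id, timeout_seconds):
        secret = secrets.token_urlsafe(32)       # generated once, shown to the admin once
        self.clients[client_id] = OAuthClient(client_id, secret, timeout_seconds)
        return secret

    def set_timeout(self, client_id, timeout_seconds):
        # Assumption: the new timeout applies to tokens issued from now on.
        self.clients[client_id].timeout_seconds = timeout_seconds

    def issue_token(self, client_id, client_secret):
        """Client credentials grant: exchange client id + secret for a bearer token."""
        client = self.clients.get(client_id)
        if client is None or not client.enabled:
            return None
        if not secrets.compare_digest(client.client_secret, client_secret):
            return None                          # constant-time compare of the secret
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, self.now + client.timeout_seconds)
        return token

    def validate(self, token):
        """Reject unknown, expired, or tokens whose client was disabled or deleted."""
        entry = self.tokens.get(token)
        if entry is None:
            return False
        client_id, expires_at = entry
        client = self.clients.get(client_id)
        if client is None or not client.enabled:
            return False                         # disable/delete invalidates tokens
        return self.now < expires_at

    def disable_client(self, client_id):
        self.clients[client_id].enabled = False

    def delete_client(self, client_id):
        del self.clients[client_id]
```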