Create OAuth 2.0 access token to call Pega API
This knowledge-sharing article shows an implementation pattern for calling a Pega API that requires OAuth 2.0 authentication. It shows how to generate an OAuth 2.0 access token and how to use that token to call a Pega API that automatically creates cases in a Pega application.
Client use case
This is a technical user story. The client wants to unit test a Pega API (POST/cases) that creates a new case in a Pega application. The client requires the OAuth 2.0 authentication method to be used when invoking the API. In practice, an external system will invoke the Pega API to create cases automatically.
Configurations
The configurations are organized into three parts:
- Configure an OAuth 2.0 Client Registration instance in Pega.
- Generate an OAuth 2.0 access token (using Postman)
- Call Pega API - POST/cases (using Postman)
(Part A - Configure an OAuth 2.0 Client Registration instance in Pega)
Step 1 - Create a new OAuth 2.0 Client Registration instance in Dev Studio.
In this example, we specified an Operator ID in the client credentials section. This Operator ID is mapped to an access group that has access to the case type.
Click to regenerate the client secret and download the client credentials file.
Step 2 - Save the instance.
(Part B - Generate an OAuth 2.0 access token (using Postman))
Step 1 - Copy the Access token endpoint value from the client credentials file generated above.
Step 2 - Configure a Postman request to invoke the access token endpoint.
Set the URL and the key-value pair under Headers.
Set the key-value pairs under Body.
- client_id and client_secret can be copied from the client credentials file.
Step 3 - Click Send to generate an access token.
Go to jwt.io and paste the access token string to decode it. The decoded information shows the same Operator ID ([email protected]) that we specified in the OAuth 2.0 client registration above.
(Part C - Call Pega API - POST/cases (using Postman))
Step 1 - Copy and paste the access token to call the Pega API (POST/cases).
Step 2 - Specify the request data and click Send to get a successful response.
Step 3 - Verify that the APP-2005 case is created successfully in Pega.
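The same Part B and Part C requests as a script, added here as an example that is not part of the original article or of Pega's own code. It decodes the token payload locally, so the live bearer token does not have to be pasted into a website. Assumptions: the grant type is client_credentials, the header pair is Content-Type: application/x-www-form-urlencoded, the Operator ID appears in a "sub" claim, and every URL, credential and token shown is a placeholder or constructed value.

```python
import base64
import json
import urllib.parse
import urllib.request

def build_token_request(token_endpoint, client_id, client_secret):
    """Part B: form-encoded POST to the access token endpoint (grant type is assumed)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        token_endpoint, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def decode_jwt_claims(token):
    """Decode the JWT payload locally, for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_create_case_request(cases_url, access_token, case_data):
    """Part C: POST /cases with the access token sent as a Bearer credential."""
    return urllib.request.Request(
        cases_url, data=json.dumps(case_data).encode(), method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (not issued by Pega); the "sub" claim name is an assumption.
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url({"sub": "operator@example.com", "exp": 1700003600}),
                         "constructed-signature"])

if __name__ == "__main__":
    # Placeholder host and credentials; take the real values from the client credentials file.
    req = build_token_request("https://pega.example.com/TOKEN_ENDPOINT_PLACEHOLDER",
                              "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(decode_jwt_claims(SAMPLE_TOKEN))
    # To send for real: json.load(urllib.request.urlopen(req))["access_token"]
```

Comparing the decoded claims with the Operator ID configured in Part A is the same check the article performs on jwt.io.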
Additional information
- Note that the API service is set to require OAuth 2.0 authentication.
Please feel free to leave any comment or question.