Question

EY
ES
Last activity: 2 Jul 2025 10:36 EDT
Implementing OAuth for external systems
Hi everyone,
We are looking for creating REST services or reuse those services from DX API but we need to connect these services with an intermediary called ESB. This tasks guide us to some kind of security restrictions and we would like to understand how OAuth 2.0 and its architecture works.
I am reaching out to request clarification regarding the implementation of OAuth 2.0 within the Pega Cloud environment. Specifically, I would like to understand whether the OAuth 2.0 authorization server responsible for issuing tokens is architecturally separated from the rest of the Pega Cloud services.
We are interested in the following points:
- The structure of the OAuth 2.0 server within Pega Cloud.
- Whether the token issuance endpoint is isolated from the core application services.
- Any relevant documentation or best practices for integrating with the OAuth 2.0 server in this context.
Thank you so much beforehand!
Best regards,
Carlos