Skip to main content

Question

 Carlos Javier Alvarez Jimenez (CarlosJavierA17224435)
EY

EY
ES
CarlosJavierA17224435 Member since 2024 1 post
EY
Posted: Jun 24, 2025
Last activity: 3 weeks 1 day ago
Posted: 24 Jun 2025 16:38 EDT
Last activity: 7 Jul 2025 11:17 EDT

Implementing OAuth for external systems

Hi everyone,

We are looking for creating  REST services or reuse those services from DX API but we need to connect these services with an intermediary called ESB. This tasks guide us to some kind of security restrictions and we would like to understand how OAuth 2.0 and its architecture works. 

I am reaching out to request clarification regarding the implementation of OAuth 2.0 within the Pega Cloud environment. Specifically, I would like to understand whether the OAuth 2.0 authorization server responsible for issuing tokens is architecturally separated from the rest of the Pega Cloud services.

We are interested in the following points:

  1. The structure of the OAuth 2.0 server within Pega Cloud.
  2. Whether the token issuance endpoint is isolated from the core application services.
  3. Any relevant documentation or best practices for integrating with the OAuth 2.0 server in this context.

Thank you so much beforehand!

Best regards,

Carlos

***Edited by Moderator Marissa to add Capability tags***
To see attachments, please log in.
Pega Platform 24.2.2
Pega Platform
System Administration
Government
Lead System Architect

  • Reply
  • Maria Martin Raso
Posted: 3 weeks ago
Posted: 2 Jul 2025 10:36 EDT
Marissa Rogers (MarissaRogers)
MOD
Principal Knowledge Management Specialist
Pegasystems Inc.
US

@CarlosJavierA17224435

In Pega Cloud, the OAuth 2.0 Management Services allow you to manage token-based security for user sessions. The OAuth 2.0 server is responsible for issuing tokens and is designed to grant access to protected resources without revealing long-term credentials. The architecture typically involves a separation between the OAuth 2.0 authorization server and core application services, ensuring that token issuance is handled securely. For integrating with the OAuth 2.0 server, you can refer to the OAuth 2.0 Management Services documentation, which outlines the REST endpoints and their purposes, including keys endpoints and token introspection endpoints. This structure helps maintain security while allowing external systems to access Pega services over HTTPS.

⚠ This is a GenAI-powered tool. All generated answers require validation against the provided references. OAuth 2.0 Management Services

Authenticating requests in services

To see attachments, please log in.
Posted: 3 weeks ago
Posted: 7 Jul 2025 11:17 EDT
Carlos Javier Alvarez Jimenez (CarlosJavierA17224435)
EY

EY
ES

@MarissaRogers Where can I check or who I need to talk to to check the architecture is separated between OAuth 2.0 authorization server and core application services? 

I was reading the docs mentioned but this information does not appear. 

Thanks you so much beforehand.

Carlos.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice