To access the API of a service provider, you must create an application with that service provider. Creating an application provides you with a consumer key (also known as an API key or application key) and a consumer secret (also known as an API secret or application secret).

To create an application, log in to the developer community of the service provider, select Create New Application, or similar option, and fill out the required information. See Supported service providers for links to service providers documentation for developers. In this topic, we take a look at how this is done with Twitter.

1. First, log in to https://developer.twitter.com/en/apps/, creating a new account if necessary, and click Create an app in the top right corner.
   
   
   
   

2. Fill out the required information, such as the name and description of the application, and read through Twitter terms of service before accepting.

   One of the fields in the form is a Callback URL. This is the URL that Twitter redirects a browser to after the user has accepted to let your application interact with the Twitter account on the user's behalf. This field must be set to the path OAuthCallback under the folder in which the Management Console is deployed. For example, if running with an embedded Management Console, it runs at http://localhost:50080/. In this case, the callback URL would be specified to http://localhost:50080/OAuthCallback. However, note that some service providers do not allow a callback URL containing localhost. Twitter is one of those providers, so use http://127.0.0.1:50080/OAuthCallback instead.

   

   Alternatively (and this is required by some service providers), you need to specify the hostname or non-loopback IP address of the computer on which you are running Management Console. As this page is loaded by the browser of the authenticating user, this cannot be a public hostname or IP address.

   Note All service providers require an HTTPS connection if the IP address is other than 127.0.0.1. In this case, the Management Console must also be configured to use SSL. For more information, see the Tomcat documentation on using SSL.

   After creating the application, a summary of the application appears. You must copy some of these values into Management Console.

3. Open Management Console in a browser. Use the same IP address or hostname that was entered as the callback URL.

   In the example below, we point our browser to http://127.0.0.1:50080/.

4. Navigate to Repository > OAuth and click the plus sign in the upper left corner.

   The "New application" dialog box appears.

5. Select a project and specify the following information.

   • Name: Specify a name for the application. It does not need to be the same name as was used when you created the application at the service provider.

   • Service provider: Select the service provider. To follow the example above, select Twitter.

   • Consumer key and Consumer secret: Copy these values from the summary page of the application presented by the service provider. For the Twitter example procedure, see Step 2.

   • Callback URL: Specify the callback URL. For the Twitter example procedure, enter http://127.0.0.1:50080/OAuthCallback.

   • Scope: Some service providers additionally require that you specify a scope, such as what parts of the API that a user authorizes the application to access. For example, when accessing Google, the scope https://www.google.com/analytics/feeds/ must be specified if the application should be allowed to access the Google Analytics Data API. Twitter does not use the scope field, so leave this field blank if you are following the example procedure.

   • Commit message: You may add a description for the commit.

6. Click OK

   You have now set up an OAuth application in the Management Console.

To edit the application later, click > Edit. The consumer secret will be displayed as "(encrypted)" for security reasons.

To delete an application, select it in the table and click the click the bin icon in the upper left corner. You are prompted to confirm the deletion.