User Management controls who can access the publicly available APIs of a project. On this page you invite users to access the APIs and apply access roles to these users. This page is not visible by default. API Publishing needs to be enabled to make it visible on the Home menu. This is done on the API Publishing page, where access roles are also defined.
Once a project has been published, users can be invited to access the publicly available API endpoints in the project based.
For example, you can provide a URL to users for them to sign up to a Xapix account to access an API.
Alternatively, you can invite users to access a project's API and assign them a specific access role.
To invite a user to a project, follow these steps.
From the Home menu, select User Management.
Click Invite API User, then on the Invite to <Project> page, enter the following:
A valid email address of the user.
Select an access role from the available roles for the user.
Click Invite API User.
The <Project> Users page opens.
Xapix uses the OAuth2 client credentials flow to authenticate public API consumers. With this flow, public API consumers are provided with client credentials (Client ID and Client Secret), which are valid until revoked. The client credentials need to be exchanged for a short-lived access token, which can then be used to access the API.
When a user is invited to a published project, Xapix automatically generates client credentials for the new user of the project. You can see the Client ID and Client Secret on the API user's details screen after clicking the "Show" button under Options.
To exchange the client credentials for an access token, the API user needs to call the public OAuth2 token endpoint (https://access.xapix.io/oauth2/token) with the form parameters client_id=<Client ID> and client_secret=<Client Secret>. As cURL this would look like the following:
# Replace the placeholders with the values from the API user's details screen.
export xapix_client_id='<Client ID>'
export xapix_client_secret='<Client Secret>'
curl https://access.xapix.io/oauth2/token \
-F "client_id=$xapix_client_id" \
-F "client_secret=$xapix_client_secret"
If the client credentials are valid, this returns a JSON response like the following:
To then invoke an API, provide the above access token as a bearer token in the Authorization header of your request. As cURL this would look like this:
curl https://api.xapix.dev/... \
--header 'Authorization: Bearer <access_token>' \
... other parameters
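The flow described above (exchange the client credentials for a short-lived access token, then send it as a bearer token) as an added Python example; it is not Xapix's own code. It assumes the token response carries the standard OAuth2 fields access_token and expires_in, which this page does not show, and TokenCache with its parameters is a hypothetical helper name.

```python
import json
import time
import urllib.request
import uuid

TOKEN_URL = "https://access.xapix.io/oauth2/token"  # token endpoint named on this page


def multipart_form(fields):
    """Encode fields as multipart/form-data, the encoding curl -F uses."""
    boundary = uuid.uuid4().hex
    parts = [
        f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'
        for name, value in fields.items()
    ]
    body = "".join(parts) + f"--{boundary}--\r\n"
    return body.encode(), f"multipart/form-data; boundary={boundary}"


def http_post(url, body, content_type):
    """POST the form and decode the JSON reply (real network call)."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": content_type})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: exchanges client credentials, reuses the token until near expiry."""

    def __init__(self, client_id, client_secret, post=http_post, clock=time.monotonic, skew=30):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(TOKEN_URL, *multipart_form(self._creds))
            if "access_token" not in reply:
                # Do not echo the reply or the credentials into logs.
                raise RuntimeError("token endpoint returned no access_token")
            self._token = reply["access_token"]
            # Assumed field: expires_in (seconds); if absent, refetch on every call.
            self._expires_at = self._clock() + max(0, int(reply.get("expires_in", 0)) - self._skew)
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}
```

Pass cache.auth_header() as the headers of each API request, and load the Client ID and Client Secret from the environment rather than hard-coding them in source files.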