Test Client

Manage settings that affect the features and capabilities of the Test Client tool, to optimize the user experience for app developers and API Admins using Test Client.

Table of Contents

Who are the different audiences for the Test Client tool?

The Test Client tool is intended for use by several different audiences:

  • API Admins testing their API and also testing what the user experience will be for app developers using this tool with their API. For more information about Test Client for API Admins, see API Testing with Test Client (API Admin help).
  • App developers who have a contract with a specific API, testing their app against the API. For more information about Test Client for app developers, see Trying Out APIs in Test Client (available to all users).
  • Users looking at the site but not yet signed in, who might want to try out an API without supplying the context of their specific app (anonymous users).

What is the Site Admin's role with regard to the Test Client tool?

The Site Admin is responsible for various key values that determine the potential capabilities of Test Client. The options available to APIs on the platform, and therefore to app developers in the context of a specific API, are determined to some degree by the Site Admin. For example, if the platform's OAuth Provider domain only supports OAuth 2.0, APIs can only support OAuth 2.0.

The key user audience of Test Client is the app developer. However, the app developer's experience in Test Client, in terms of the features and options available, is influenced by a number of factors:

API options: The options specified by the API Admin in the API setup, specifically:

API Details:

  • Endpoints supported
  • Operations supported
  • Whether the API is proxied
  • Policies supported (available policies, and policy definitions, are controlled by the Sys Admin)

API OAuth Details:

  • For each endpoint, the OAuth Provider domain (available options for platform OAuth Provider domain determined by Site Admin)
  • If platform domain is not used—all details of the OAuth Provider
  • The OAuth version or versions that the API supports
  • Mapping of scopes to API operations (available scopes determined by Site Admin or Business Admin)

Platform settings: Options specified by the Site Admin, specifically:

OAuth Provider Domain Setup:

  • Grant types supported, with associated values such as timeout values and whether refresh tokens are supported.
  • Resource owner authentication domain.
  • Access token type supported.
  • Scopes.
  • Grant properties.
  • Details about the branding page that users will see when requesting access (in Test Client, app developers will see this page).

Policy Manager settings: Options specified by the Sys Admin, in Policy Manager, specifically:

What are the AtmosphereApplicationSecurityPolicy settings and how do they affect Test Client?

The settings specified in Policy Manager for the AtmosphereApplicationSecurityPolicy determine which signing algorithms the platform supports. These values in turn influence the user interface presented to users in Test Client.

Below you'll see the basic options available in Policy Manager and in Test Client. If you need to troubleshoot missing settings in Test Client, coordinate with the Policy Manager Administrator, as needed, to modify the AtmosphereApplicationSecurityPolicy definition in Policy Manager.

For more information about this policy, see Using the API Consumer Application Security Policy.

  1. Navigation in Policy Manager: {Tenantname} > Policies > Operational Policies > API Security
  2. Navigation in Community Manager developer portal: Choose app or API > Test Client > choose API or app > click the Security button and view the Token Algorithm drop-down.

AtmosphereApplicationSecurityPolicy settings