OAuth2.0 authentication

Create your own secure API authentication tokens

Use OAuth 2.0 authentication for the Xtremepush External API, so that you can create, manage and delete tokens independently for different connections.

To create a new key you will need an RSA public key and a JWT Token.

Generate RSA keys

This section describes a method that can be used to create RSA keys using a command line interface tool (for example PowerShell on Windows or Terminal on MacOS), but there are other methods.

  1. Create a Java KeyStore file:
keytool -genkey -alias <UNIQUE_KEY_IDENTIFIER> -keyalg RSA -keystore xtremepush.jks

This command will ask you for additional information. In the last step type yes and press Enter.

  1. Import keys from the KeyStore:
keytool -importkeystore -srckeystore xtremepush.jks -destkeystore xtremepush.p12 -deststoretype PKCS12
  1. Export the public and private keys:
openssl pkcs12 -in xtremepush.p12 -nokeys -out pubcert.pem
openssl pkcs12 -in xtremepush.p12 -nodes -nocerts -out privatekey.pem

Add the public key to Xtremepush

  • Open the newly generated pubcert.pemfile.
  • Skip the header and copy the certificate part of the file which starts and ends with "-----". Also include the line endings when copying.
  • Go to Xtremepush and navigate to Settings > Integrations > API Integration > Add Public Key.
  • Type the <UNIQUE_KEY_IDENTIFIER> that was used to create the Java KeyStore file in Client ID.
  • Type the certificate key in the Public field area.

It is possible to delete tokens from this same page by clicking on each token's Options menu > Delete.

Create a JWT token

To create a JWT token you will need a token generator: https://jwt.io/

  1. Open up the JWT generator tool.
  2. At the top of the page select algorithm: RS256
  3. Copy and paste the following in the payload section:
    "exp": 1541054464,
    "iat": 1521054464

//iss: use the same value that was used to create Java KeyStore file
  sub: use the same value that was used to create Java KeyStore file
  exp: expiration time, use this tool https://www.epochconverter.com/
  iat: This is the time when this JWT was created. This can be any value in history
  1. Copy the contents of a private key that was created earlier (only the part that begins and ends with "-----") and put it in the private key box in the Verify Signature section
  2. It is also possible to verify that the public key is valid by adding public key contents to the public key box.
  3. Copy the JWT token that was generated

Use the JWT token for authorization

You can obtain XP authorization token by making a REST API call to the /api/oauth/token endpoint. Make sure to add the following header to the request:

Authorization: Bearer <jwt_token>

Add the Authorization: Bearer <authorization_token> header when attempting to make REST API calls to Xtremepush's External API.