API Security

ADSP clients are bearer-only clients. This means that you cannot use these clients to retrieve access tokens for your application work. In fact, the only reason these clients have been configured in your tenant is to add additional security when making ADSP API calls.

Configure an Audience

Some ADSP services, such as the File Service, require that it’s ID is included as part of an access token’s audience. If your client needs to access one of these services you can set up the audience as follows.

First, select clients on Keycloaks left side-menu, and then select the client you are using; in this example its the auto-test-client.

Next, select the Mappers tab, and then click on the Create button. This will bring you to a page that allows you to create a new mapper.

Select an Audience mapper type, and then the service you wish to include in the AUD portion of the access token generated for this client i.e.