Access A Protected API
Learn how to authenticate your app so that it can access APIs that have been protected by the myMLA SSO platform.
To call an API that has been protected by myMLA SSO, the application must authenticate to receive an access token, which it then includes in each call to the API. You can share the access token between calls to the protected API.
The code examples below are from the demo application and outline one way to access a protected API.
Set Up API Call
The HomeController end point ApiCall calls the included API, which has been protected by the myMLA SSO platform. The API returns a list of WeatherForecast (the default object used with the default .NET Core API project).
To retrieve the data, the application first attempts to authenticate itself. If this is successful, it then calls the API.
    public async Task<IActionResult> ApiCall()
    {
        var model = new List<WeatherForecast>();
        var authenticationResponse = await AuthenticateRequestAsync();
        if (authenticationResponse.IsSuccessful)
        {
            var contentResponse = await GetApiContentAsync(authenticationResponse.Data);
            if (contentResponse.IsSuccessStatusCode)
            {
                model = await contentResponse.Content.ReadAsAsync<List<WeatherForecast>>();
            }
        }
        return View(model);
    }
Authenticate The Request
You need to configure the request with the appropriate values to identify the app. These values are then posted as JSON to the myMLA SSO platform token API end point. If successful, the end point returns an access token that can be injected into the header to authenticate each subsequent request.
The configuration values are the same as those referenced in the myMLA SSO integration directions.
    private async Task<RestResponse<AuthenticationResponse>> AuthenticateRequestAsync()
    {
        var domain = _configuration["myMLA:Domain"];
        var authenticationRequest = new AuthenticationRequest
        {
            ClientId = _configuration["myMLA:ClientId"],
            ClientSecret = _configuration["myMLA:ClientSecret"],
            Audience = _configuration["myMLA:Audience"],
            GrantType = "client_credentials"
        };
        var client = new RestClient($"https://{domain}/oauth/token");
        var request = new RestRequest("", method: Method.Post);
        request.AddHeader("content-type", "application/json");
        request.AddParameter("application/json",
            JsonSerializer.Serialize(authenticationRequest),
            ParameterType.RequestBody);
        var response = await client.ExecuteAsync<AuthenticationResponse>(request);
        return response;
    }
Get API Content
Now that you have the access token, you need to inject it into the header of the API request. This will allow the API to authenticate your request and return the requested data.
    private static async Task<HttpResponseMessage> GetApiContentAsync(AuthenticationResponse? responseData)
    {
        var client = new HttpClient
        {
            BaseAddress = new Uri("https://localhost:7180/")
        };
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(responseData?.TokenType ?? "Bearer", responseData?.AccessToken);
        return await client.GetAsync("WeatherForecast");
    }
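The overview notes that one access token can be shared between calls to the protected API. The following is an added example, not code from the demo application, that caches the token and requests a new one only shortly before it expires. TokenCache, TokenResult and the 60-second refresh margin are hypothetical, and the example assumes the token response carries the standard OAuth 2.0 expires_in value.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Demo with a constructed clock and a fake token end point (no network access).
var clock = DateTimeOffset.UnixEpoch;
var fetches = 0;
var cache = new TokenCache(
    () => Task.FromResult(new TokenResult($"token-{++fetches}", 3600)),
    () => clock);
Console.WriteLine(await cache.GetTokenAsync()); // first call requests a token
Console.WriteLine(await cache.GetTokenAsync()); // second call reuses the cached token
clock = clock.AddSeconds(3550);                 // now inside the refresh margin
Console.WriteLine(await cache.GetTokenAsync()); // a new token is requested

// Hypothetical types. ExpiresInSeconds assumes the response includes expires_in.
public sealed record TokenResult(string AccessToken, int ExpiresInSeconds);

public sealed class TokenCache
{
    private readonly Func<Task<TokenResult>> _fetchToken; // e.g. wraps AuthenticateRequestAsync()
    private readonly Func<DateTimeOffset> _now;           // injectable clock
    private readonly TimeSpan _refreshMargin = TimeSpan.FromSeconds(60);
    private readonly SemaphoreSlim _gate = new(1, 1);     // one refresh at a time
    private string? _token;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    public TokenCache(Func<Task<TokenResult>> fetchToken, Func<DateTimeOffset>? now = null)
    {
        _fetchToken = fetchToken;
        _now = now ?? (() => DateTimeOffset.UtcNow);
    }

    public async Task<string> GetTokenAsync()
    {
        await _gate.WaitAsync();
        try
        {
            // Reuse the token while it is still valid beyond the refresh margin.
            if (_token is not null && _now() + _refreshMargin < _expiresAt)
                return _token;
            var result = await _fetchToken();
            _token = result.AccessToken;
            _expiresAt = _now().AddSeconds(result.ExpiresInSeconds);
            return _token;
        }
        finally { _gate.Release(); }
    }
}
```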