Getting Started Using the OAuth 2.0 Authorization Server

  1. Determine if your application can utilize the Authorization Server.

    The OCLC OAuth 2.0 Authorization Server allows clients to log users in to their appropriate identity provider at the relevant institution and is built on our Identity Management (IDM) infrastructure. Your application must be consuming one of our web services that utilizes IDM to use the Authorization server.
    • WMS Acquisitions API
    • WMS Circulation API
    • WMS Collection Management API
    • WMS NCIP Service
    • WMS Vendor Information Center API
    • WorldCat Metadata API
    • WMS License Manager API
  2. Request a WSkey for your application

    We’ve added a new field for new WSKey requests where you’ll need to set the Redirect URL for your application in order to use the Authorization Server. You can add this information to an existing WSKey by contacting OCLC Support with the WSKey string, the web service, and the Redirect URL for your application.
  3. Read our documentation on Access Tokens and the two OAuth flows we currently support
  4. Contact Us with Questions. Make sure you follow Getting Help Debugging Guide

Requesting a Sandbox WSKey to use with the Authorization Server

Our infrastructure for development and testing is still evolving at the moment. If you want to test the Authorization Server in a Sandbox context, you will need to do the following

  1. Request a Sandbox WSkey via Service Config with the appropriate Redirect URL for your application
  2. Once you have received a WSKey, contact us with your WSKey asking to for credentials to test the Authorization Server in the Sandbox. We will send you back a testing account which you can use.
  3. Let us know if you have any questions or issues during your testing.