About the author

You can contact Alexandre Oliveira at

Alexandre Oliveira loves developing corporate applications.

1. Introduction

This chapter provides concepts and other information required to perform development tasks in Vecchio Auth.

Include the following topics:

1.1. About Vecchio Auth

Viglet Vecchio Auth allows to create authentication and authorization layers to access API, with proactive monitoring.

1.2. Features

  • Significantly lowers integration costs, decreases total cost of ownership, and reduces deployment risks

  • Connects mobile devices to existing enterprise systems

  • Provides a lightweight API gateway for securing and managing APIs

  • Offers rich integration with many identity and access management platforms

  • Helps streamline regulatory compliance through authentication, authorization, and audit capabilities

2. Mapping Resources

For example, in Mapping Console (http://localhost:2702/console/#!/mapping) add the following URLs:

GitHub - openviglet

Figure 1. Mapping

3. Apps

Create a new App (http://localhost:2702/console/#!/app/new) and copy the values of "Keys and Access Tokens" tab.

sample app
Figure 2. Sample App

Will generate the following keys an tokens for your App, for instance:

Token Value

Consumer Key (API Key)


Consumer Secret (API Secret)


Access Token


Access Token Secret


4. Grant Types

You can access the API Resources using your Access Token, ou generate new Access Token using the followings Grant Types:

4.1. Authorization Code

Use the Consumer Key (API Key) to generate the Authorization Code:

curl -I -X GET 'http://localhost:2702/api/authorize?response_type=code&client_id=4d2aade33fa53baf07d88165e8ecf58f&redirect_uri=http://localhost:2702/console/oauth2/receive_authcode'

Will return the Location, so get the Authorization Code:

Location: http://localhost:2702/console/oauth2/receive_authcode?code=e31d6626d203aaea0811305e33136d59`

Use the Authorization Code to generate the Access Token, for instance: b516216e45610d4be3716c8dfab70985:

curl -I -X GET 'http://localhost:2702/api/token' -d 'grant_type=authorization_code&code=e31d6626d203aaea0811305e33136d59'

4.2. Implicit

Use the Consumer Key (API Key) to generate the Authorization Code:

curl -I -X GET 'http://localhost:2702/api/authorize?response_type=token&client_id=4d2aade33fa53baf07d88165e8ecf58f&redirect_uri=http://localhost:2702/console/oauth2/receive_implicit_token'

Will return the Location, so get the Access Token, for instance: b516216e45610d4be3716c8dfab70985:

Location: http://localhost:2702/console/oauth2/receive_implicit_token?access_token=b516216e45610d4be3716c8dfab70985&state=xyz&token_type=bearer&expires_in=3600

4.3. Using API Resources

Ready! You can access the following API Resources using the Access Token from Authorization Code or Implicit Grant Types or App Settings (Your Access Token), for instance f7d2c3475cae32d1a464bcea3a57023b, if you use an invalid Access Token, it will return empty response.

curl -X GET "localhost:2702/github/openviglet" -H  "accept: application/json" -H  "content-type: application/json" -H  "authorization: Bearer f7d2c3475cae32d1a464bcea3a57023b"

5. Dashboard

Dashboard Console (http://localhost:2702/console/#!/dashboard) shows response time report.

Figure 3. Dashboard shows response time report