Introduction

To integrate with the Juniper Service APIs, it is simple. Decide on an authentication mechanism, review the onboarding process for the authentication mechanism chosen and then submit a request here (coming soon). Juniper will contact you via email and provide a document with YOUR protected API URLs and other metadata. You can then commence integration testing.

Client OIDC-based Onboarding Process

OIDC-based authentication uses a Client IdP-issued ID token. This table lists the high-level steps for setting up authentication and invoking the Juniper Service APIs.

Action Who?
Review the Juniper Service APIs license/Terms of Use. Partner
Open the firewall ports. Partner and Juniper
Register the Juniper API gateway app in the partner's IdP. Partner
Exchange the ID token with Juniper.This ID token is to be provided in the Authorization header of the API requests. Partner
Generate and share the unique application ID with the partner.This application ID must be provided in every API request JSON payload. Juniper
Create a Partner profile in the Juniper API gateway with OIDC as the authentication mechanism. Juniper
Create APIs and assign the Partner profile. Juniper
Share the API endpoints with the Partner. Juniper
Validate that the partner can invoke the APIs by passing the ID token in the Authorization header. Partner
Establish the Customer Source Identifier. Juniper and Partner collaborate

Client OAuth2.0-based Onboarding Process

This table lists the high-level steps for setting up OAuth2.0 authentication and invoking the Juniper Service APIs.

Action

Who?
Review the Juniper Service APIs license/Terms of Use. Partner
Open the firewall ports. Partner and Juniper
Generate and share the unique application ID with the partner.
This application ID must be provided in every API request JSON payload. 		Juniper
Generate OAuth2.0 credentials (clientID, secret) and share with partner. Juniper
Create a Partner profile in the Juniper API gateway with OAuth2.0 as the authentication mechanism. Juniper
Create APIs and assign the Partner profile. Juniper
Share the API endpoints along with token endpoint with the Partner. Juniper
Validate that the partner can invoke the APIs by passing the Access token (which is obtained by request to token endpoint) in the Authorization header. Partner
Establish the Customer Source Identifier. Juniper and Partner collaborate
Specify to Juniper an email aliases that is to be used for providing Juniper to provide new secret that would need to be used when the time to rotate the secret arrives (once a year). Partner

Client Certificate-based Onboarding Process

Certificate-based authentication uses a client/application public certificate when invoking APIs. The following table lists the high-level steps for setting up authentication and invoking the Juniper Service APIs.

Action

Who?
Review the Juniper Service APIs license/Terms of Use. Partner
Open the firewall ports. Partner
Create the X509 private/public key pair for the Partner application. Partner
Provide Client Certificate to Juniper.
For Non-Production environment, you may choose to provide Self-Signed certificate. If providing self-signed certificate ensure that you provide Juniper the complete Certificate Chain (Intermediates, Root certificates) which were used to sign the given self-signed certificate.
For Production environment, a CA issued certificate must be provided. 		Partner
Create the Partner profile in the Juniper API gateway with the Client certificate as authentication mechanism. Juniper
Create APIs and assign the Partner profile. Juniper
Generate and share the unique application ID with the Partner.
This application ID is to be provided in every API request JSON payload. 		Juniper
Share the API endpoints with the Partner. Juniper
Validate that the partner can invoke the APIs presenting the certificate during the SSL handshake. Partner
Establish the Customer Source Identifier. Juniper and Partner collaborate