Skip to main content

OAuth1 to OAuth2 Instructions

Starting with the 22.1 release, we removed our legacy public OAuth1 API endpoints because they require non-FIPS compliant SHA1 hashing. This removal includes the legacy WCF (Windows Communication Framework) endpoints, Swagger for these legacy endpoints, and OAuth1 middleware. To replace the OAuth1 endpoints, you can use the OAuth2 versions of the legacy APIs released in 21.4 which are FIPS compliant. You will experience the same functionality with the OAuth2 APIs as you did with the OAuth1 APIs. The only exception is that the GET/workflows/id/package call now returns a file instead of a binary object in the response.

Subscription, V1, and V2 endpoints will continue to be supported under OAuth2.

How To Convert from OAuth1 to OAuth2

Update Your Scripts

  • If you are currently on 21.4 and upgrading to 22.1 or any following releases, you can update the API scripts without any downtime because 21.4 has the OAuth1 and OAuth2 APIs available. We recommend you update your OAuth1 API scripts before upgrading.

  • If you want to upgrade to 22.1 from a Server version other than 21.4, then after the upgrade you will need to update your scripts to the OAuth2 APIs before your scripts can be operational.

  • You have to update your OAuth1 API calls with the new OAuth2 pattern. To do this, you will need to update 2 aspects of the existing scripts:

    • Change the base URL from <hostname>/gallery/api/ to <hostname>/webapi/.

    • Change the authorization type from OAuth1 to OAuth2.

  • If you upgrade to 22.1 and try to run OAuth 1 APIs without updating your API scripts, those scripts will fail.

It is estimated that this update should take around 4 hours maximum. This estimate applies if you are following the best practices and have authentication and base URL defined in a single place. If you authenticate in multiple places and scripts, and use full and hardcoded URLs in multiple places and scripts, the update process might be more tedious. To speed things up, you can use a find and replace.


Perform a quick smoke test to make sure validations work correctly. However, as we do not know how you use the API, it is impossible to say how long the testing will take.


The differences between requests and responses for OAuth1 and OAuth2 are minimal and are listed below:

  • GET v1/jobs/{id} now includes newlines and whitespace where it did not before. Depending on how you process the response, this may require adjustments to your scripts.

  • GET v1/workflows/{id}/package returns a file instead of a JSON blob.

  • GET v1/jobs/{id}/output/{id} requires a format parameter in Oauth2. In Oauth1, this parameter was optional.

    Format parameter required for Oauth2 version.

To find out more about the conversion and its impact, go to Conversion Instructions.