API Authentication

There are two methods of authentication available for the CPM platform API: API key authentication and OAuth 2.0 JWT authentication. This guide explains how to use each of them.

API Key Authentication

API Key Authentication requires a key to be added to every request. This key can be managed in our UI or API and has a configurable expiry period; you can also create a key without an expiry period.

How To Create an API Key

Visit the CPM UI, navigate to the Admin section, then to Integrations and then to Credentials.

You will then be able to create a new API Key. If you select an expiry date, remember you will have to update the key before it expires to avoid a service disruption.

How To Use an API Key

The API Key should be sent in the X-API-Key header of all authenticated requests to the platform, as shown below:

X-API-Key: <API KEY>

OAuth 2.0 Authentication

OAuth 2.0 Authentication follows the OAuth 2.0 standard. A client id and client secret are used to create a JSON Web Token (JWT) that is added to the API request. This JWT lasts for a maximum of 24 hours and must be cached and reused until it expires. Note: caching and reusing the JWT is important, because over-use of the JWT creation endpoint is a breach of our fair usage policy.

How to Create a JWT

To generate a JWT, you need to make a request to Auth0, our authentication provider. The URL for this request will follow the format:

<auth-url>/oauth/token

Request Body Format

The body of the request should look like this:

{
	"client_id": "<client-id>",
	"client_secret": "<client-secret>",
	"audience": "<audience-url>",
	"grant_type": "client_credentials"
}

Field Breakdown:

  • client_id: Your DataGuard CPM client id.
  • client_secret: Your DataGuard CPM client secret.
  • audience: The URL of the DataGuard API you’re requesting access to, specific to your environment.
  • grant_type: This should always be set to "client_credentials".

You can find your client_id and client_secret by navigating to the CPM UI, then going to Admin > Integrations > Credentials and selecting the OAuth 2.0 Clients tab.

Environment-Specific URLs

The <auth-url> and <audience-url> will vary depending on your environment. For the correct values, refer to the Environments page.

Important Note

Once you have successfully created a JWT, cache it and reuse the same token until it expires (usually after 24 hours). This will help prevent unnecessary requests for new tokens.

How To Use a JWT

The JWT should be sent in the Authorization header of all authenticated requests to the platform. The JWT is a "Bearer" token, so it must be prefixed with "Bearer" when added to the header, as shown below:

Authorization: Bearer <JWT>
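
The create, cache and reuse flow described above, as an added example (not code from the CPM platform or its SDKs). TokenCache and post_json are hypothetical names, AUTH_URL and AUDIENCE are the page's placeholders, and the response fields access_token and expires_in are assumed to follow the standard OAuth 2.0 token response.

```python
import json
import threading
import time
import urllib.request

# Placeholders from this page; real values come from the Environments page.
AUTH_URL = "<auth-url>"
AUDIENCE = "<audience-url>"


def post_json(url, payload):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: requests a JWT once and reuses it until it nears expiry."""

    def __init__(self, client_id, client_secret, post=post_json,
                 clock=time.monotonic, skew=60):
        self._body = {
            "client_id": client_id,
            "client_secret": client_secret,
            "audience": AUDIENCE,
            "grant_type": "client_credentials",
        }
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0
        self._lock = threading.Lock()  # one refresh at a time across threads

    def token(self):
        with self._lock:
            now = self._clock()
            # Renew only when no token is held or it is within `skew` seconds of expiry.
            if self._token is None or now >= self._expires_at - self._skew:
                resp = self._post(AUTH_URL + "/oauth/token", self._body)
                self._token = resp["access_token"]  # assumed standard field
                self._expires_at = now + float(resp["expires_in"])  # assumed standard field
            return self._token

    def headers(self):
        """Header set for an authenticated request to the platform."""
        return {"Authorization": "Bearer " + self.token()}
```

Create one TokenCache per process and pass headers() to every request, so the token endpoint is called only when the cached JWT is about to expire. Load the client secret from a secret store or environment variable rather than from source code.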