Back to top

Tutorial — Authentication

OAuth 2.0

Knox Manage recommends you to create a dedicated user, called API client, with API write access on a tenant when authenticating via OAuth, and then create an OAuth client for this API client. See Adding API clients for how to do this. By creating a dedicated API client, you can control permissions of the API client without affecting other non-API clients.

If an API client is deactivated, all associated OAuth clients are also automatically deactivated.

Authenticating via OAuth requires the following steps:

  1. Create a Client
  2. Generate a Token
  3. Make Authenticated Requests (Bearer Authentication)

Create a Client

You must first create an OAuth client in Admin Portal UI of the Knox Manager. To do this, you must be an administrator of your Knox Manage tenant. This is a one-time operation. You will be provided with a Client ID and a Client Secret. Please refer to the Manage API clients, as it will be required for the next step.

Generate a Token

After creating a client, you must make a call to obtain a bearer token using the Generate an OAuth token operation. This operation requires the following parameters:

  • client_idM — the Client ID displayed when you created the OAuth client in the previous step.

  • client_secret — the Client Secret displayed when you created the OAuth client in the previous step.

  • grant_type — must be set to client_credentials.

Token Request URL

https://{Your Region}

Bearer Authentication

To authenticate subsequent API requests, you must provide a valid bearer token in an HTTP header:

  • Authorization: Bearer{bearer_token}

Is this page helpful?