O Auth2.0

Knox Manage recommends you to create a dedicated API user with API write access on a tenant when authenticating via OAuth, and then create an OAuth client for this user. See Create an API User for how to do this. By creating a dedicated API user, you can control permissions of the API user without affecting other non-API users.

If a user is deactivated, all of the user's OAuth clients will be automatically deactivated.

Authenticating via OAuth requires the following steps:

  1. Create a Client
  2. Generate a Token
  3. Make Authenticated Requests (Bearer Authentication)

Create a Client

You must first create an OAuth client in Admin Portal UI of the Knox Manager. To do this, you must be an administrator of your Knox Manage tenant. This is a one-time operation. You will be provided with a Client ID and a Client Secret. Please refer to the Manage API clients, as it will be required for the next step.

Generate a Token

After creating a client, you must make a call to obtain a bearer token using the Generate an OAuth token operation. This operation requires the following parameters:

  • client_idM - the Client ID displayed when you created the OAuth client in the previous step.

  • client_secret - the Client Secret displayed when you created the OAuth client in the previous step

  • grant_type - must be set to client_credentials

Token Request URL

https://{Your Region}	

Bearer Authentication

To authenticate subsequent API requests, you must provide a valid bearer token in an HTTP header:

  • Authorization: Bearer{bearer_token}