Generating an API authorization token

Generate an API authorization token to authenticate to Cloud Pak for Data APIs.

Tokens and API keys are subject to authorization checks. Invocation of API endpoints depends on the role and permissions that you are granted in the Cloud Pak for Data platform and services.

Before you begin

To get an API authorization token, you must generate an API key by using the Cloud Pak for Data web client. For more information, see Generating API keys for authentication. You can use the web client when SAML 2.0 is configured as a web SSO.

You can also generate an API key programmatically by using the apiKey endpoint, but this endpoint requires a Bearer token and is not recommended.

About this task

You can use your username and api_key to generate a ZenApiKey authorization token to invoke Cloud Pak for Data APIs. This method requires one API call to an endpoint.

Note: A ZenApiKey does not expire, but you can revoke it and regenerate it at any time for increased security.

Procedure

To generate an API authorization token, follow these steps.

  1. Generate the ZenApiKey token by using the following command.
    echo "<username>:<api_key>" | base64

    Replace <username> and <api_key> with the correct values for your environment.

  2. Optional: Export the ZenApiKey token from the output of step 1 to an environment variable if you need to use it in multiple situations.
    export TOKEN=<base64-encoded-user-api-pair>

  3. Use the ZenApiKey token to authenticate to an endpoint.
    curl -H "Authorization: ZenApiKey ${TOKEN}" "https://<cpd_instance_route>/<endpoint>"

    For more information, see Authentication in the Cloud Pak for Data Platform APIs.
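
The following sketch is an added example, not part of the original procedure or IBM's code. Because a ZenApiKey does not expire, it builds the token from a key file and passes it to curl on stdin, which keeps the key out of shell history and process listings. It encodes exactly `<username>:<api_key>`, without the trailing newline that `echo` appends or the line wrapping that GNU `base64` applies to long input. The function names and the key-file path are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the key-file location are assumptions.

# zen_token <username> <api_key_file>
# Prints base64("<username>:<api_key>") on a single line. The key is read from
# a file (chmod 600) so it never appears in shell history or in `ps` output.
zen_token() (
    user=$1
    # Accept a key file with or without a final newline; reject an empty one.
    IFS= read -r key < "$2" || [ -n "$key" ] || exit 1
    [ -n "$user" ] || exit 1
    # printf adds no trailing newline; tr removes the line breaks GNU base64
    # inserts every 76 characters, which would split the header value.
    printf '%s:%s' "$user" "$key" | base64 | tr -d '\n'
)

# zen_token_decode <token>
# Base64 is an encoding, not encryption: the token yields the API key directly,
# so treat the token with the same care as the key itself.
zen_token_decode() {
    printf '%s' "$1" | base64 -d
}

# zen_curl <token> <url>
# Supplies the Authorization header through a curl config read from stdin,
# keeping the token off the curl command line.
zen_curl() {
    printf 'header = "Authorization: ZenApiKey %s"\n' "$1" |
        curl --silent --show-error --fail --config - "$2"
}

# Usage (placeholders as on this page):
#   TOKEN=$(zen_token "<username>" "$HOME/.cpd_api_key")
#   zen_curl "$TOKEN" "https://<cpd_instance_route>/<endpoint>"
```
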

What to do next

For most Cloud Pak for Data endpoints, you can use the generated API authorization token in the authorization header of subsequent API calls.

curl -H "Authorization: ZenApiKey ${TOKEN}" "https://<cpd_instance_route>/<endpoint>"