Creating authentication tokens

Edit online

Data and metadata service APIs use a JSON Web Token (JWT) for authentication and authorization. When you call an API by using the HTTP Authorization request header, you must supply an unexpired token that has the proper scope and that is signed by an approved JSON Web Key (JWK).

Before you begin

  1. Find the account, organization, and client IDs.

    1. Log in to Intelligence suite.

    2. Select the organization and account that you are using.

    3. Open the Information page.

      A list of account, organization, and client IDs that you need to access the API services is displayed.

      Note: Client ID is prefixed with the service name.

      In the following client ID example, saascore is a service, so the ID is prefixed with saascore.

      saascore-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    4. Make a note of all the IDs.
  2. Retrieve your API key.
    Note: You receive your API key during your onboarding process. If you have an API key for the Geospatial APIs or HoD APIs, a new key is not required to use Alerts.

Procedure

  1. Generate a JWT token. 
    curl --request GET \ --url 'https://api.ibm.com/saascore/run/authentication-retrieve/api-key?orgId=<<YOUR_ORGID>>' \
 headers:-
'x-api-key: <<EIS_API_KEY>>'
'x-ibm-client-id: saascore-<<YOUR_CLIENT_ID>>'

    Make sure that you replace <<YOUR_ORGID>>,<<EIS_API_KEY>>, and <<YOUR_CLIENT_ID>> with your organization ID, Api key and client ID.

    The result of this call is a JWT token. Save the JWT token for subsequent API calls. JWT tokens typically expire after about 60 minutes after which you need to fetch a new token.

  2. Authenticate your account.

    In the following cURL example, the JWT token is used to authenticate your account.

    curl --location --request <GET/POST> '<INSERT_API_ENDPOINT_HERE>' \
 --header 'x-ibm-client-Id: <service-prefix>-<INSERT_YOUR_CLIENT_ID_HERE>' \
 --header 'Accept: application/json' \
 --header 'Authorization: Bearer <INSERT_YOUR_JWT_HERE> \