
Authentication

Authentication to the Empirical API begins with a client ID and a client secret. Your organization can create as many ID/secret pairs as needed.

Last updated 8 days ago

How Client Credentials Work

A client ID and secret pair needs to be exchanged for a JWT from our auth provider. The exchange process is a POST to https://empiricalsecurity.fusionauth.io/oauth2/token, authenticated with HTTP Basic auth. Provide the client ID as the username and the client secret as the password. The POST request will need to include two values:

grant_type=client_credentials
scope=target-entity:0c6d5dcc-8bf0-4cd1-bd65-066ef0422369

The response to the POST request will be a JSON object and the JWT will be stored in the access_token key.

Empirical API requests should include an Authorization header with a value of Bearer <JWT>.

Your issued JWT is valid for one hour. A new JWT will need to be retrieved, using the same process, when the expiration time passes. The exp claim in the JWT contains the exact expiration time for the token.
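The exchange and refresh cycle described above, as an added example (not Empirical's own code). The function and class names are hypothetical, the token URL and scope are the values on this page, and the sample token is constructed for offline testing.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://empiricalsecurity.fusionauth.io/oauth2/token"  # from this page
SCOPE = "target-entity:0c6d5dcc-8bf0-4cd1-bd65-066ef0422369"        # from this page

def build_token_request(client_id, client_secret):
    """POST with HTTP Basic auth: client ID as username, secret as password."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCOPE}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def fetch_token(client_id, client_secret):
    """Perform the exchange and return the JWT from the access_token key."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def jwt_exp(token):
    """Read the exp claim (Unix seconds). This is not a signature check: the
    value only schedules a refresh and is never used to decide trust."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class TokenCache:
    """Reuse the JWT until shortly before exp, then repeat the exchange."""
    def __init__(self, fetch, skew=60, now=time.time):
        self._fetch, self._skew, self._now = fetch, skew, now
        self._token, self._exp = None, 0

    def bearer_header(self):
        if self._token is None or self._now() >= self._exp - self._skew:
            self._token = self._fetch()
            self._exp = jwt_exp(self._token)
        return {"Authorization": f"Bearer {self._token}"}

def make_sample_jwt(exp):
    """Constructed, unsigned token used only to exercise the cache offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"
```

In real use, pass `lambda: fetch_token(client_id, client_secret)` as `fetch`, with the credentials read from a secret store or environment variables rather than source code.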

How to Create API Clients

  1. Log in, go to Settings, and click "API Clients".

  2. Choose an alias name and click "Create API Client".

  3. Copy and save your Client Credentials.

The client secret will only be visible at the time of creation, so be sure to save it.

Token endpoint: https://empiricalsecurity.fusionauth.io/oauth2/token