Authentication

Authentication to the Empirical API begins with a client ID and a client secret. Your organization can create as many ID/secret pairs as needed.

How Client Credentials Work

A client ID and secret pair need to be exchanged for a JWT from our auth provider. The exchange process is a POST to https://empiricalsecurity.fusionauth.io/oauth2/token, authenticated with HTTP Basic auth. Provide the client ID as the username and the client secret as the password. The POST request will need to include two values:

grant_type=client_credentials
scope=target-entity:0c6d5dcc-8bf0-4cd1-bd65-066ef0422369

The response to the POST request will be a JSON object and the JWT will be stored in the access_token key.

Empirical API requests should include an Authorization header with a value of Bearer <JWT>.

Your issued JWT is valid for one hour. A new JWT will need to be retrieved, using the same process, when the expiration time passes. The exp claim in the JWT contains the exact expiration time for the token.

How to Create API Clients

  1. Login, go to Settings, and click "API Clients".

  2. Choose an alias name and click "Create API Client".

  3. Copy and save your Client Credentials.

The client secret will only be visible at the time of creation, so be sure to save it.

API Clients Page
API Client Created
PreviousOverviewNextSearch Syntax

Last updated

Was this helpful?