Authentication
Authentication to the Empirical API begins with a client ID and a client secret. Your organization can create as many ID/secret pairs as needed.
A client ID and secret pair must be exchanged for a JWT from our auth provider. The exchange is a POST to https://empiricalsecurity.fusionauth.io/oauth2/token, authenticated with HTTP Basic auth. Provide the client ID as the username and the client secret as the password. The POST request will need to include two values:
The response to the POST request will be a JSON object, and the JWT will be stored in the access_token key.
Empirical API requests should include an Authorization header with a value of Bearer <JWT>.
Your issued JWT is valid for one hour. A new JWT will need to be retrieved, using the same process, when the expiration time passes. The exp claim in the JWT contains the exact expiration time for the token.
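One way to wire the exchange, the Bearer header and exp-based renewal together, as an added example that is not Empirical's own client code. Assumptions: the helper names are hypothetical, the two required POST values are passed in by the caller as `form_fields` and sent form-encoded, and the 60-second renewal margin is an arbitrary choice.

```python
import base64, json, time
import urllib.parse, urllib.request

TOKEN_URL = "https://empiricalsecurity.fusionauth.io/oauth2/token"  # from the page

def fetch_token(client_id, client_secret, form_fields):
    """POST with HTTP Basic auth (ID as username, secret as password).
    form_fields holds the two values the documentation requires (assumed form-encoded)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form_fields).encode(),
        headers={"Authorization": f"Basic {basic}"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def jwt_exp(token):
    """Read the exp claim from the JWT payload segment.
    No signature check: the value is used only to schedule renewal, never to trust the token."""
    try:
        part = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        return int(claims["exp"])
    except (IndexError, KeyError, TypeError, ValueError) as err:
        raise ValueError("token has no readable exp claim") from err

class TokenCache:
    """Reuses a JWT until `skew` seconds before its exp, then fetches a new one."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._exp = None, 0

    def auth_header(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            token = self._fetch()
            exp = jwt_exp(token)  # raises before a malformed token is cached
            self._token, self._exp = token, exp
        return {"Authorization": f"Bearer {self._token}"}

def constructed_jwt(exp):
    """Constructed, unsigned sample token for exercising the cache offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc({"exp": exp})}.sig'
```

In real use, build the cache as `TokenCache(lambda: fetch_token(client_id, client_secret, form_fields))` with the credentials loaded from a secret store rather than hard-coded.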
Log in, go to Settings, and click "API Clients".
Choose an alias name and click "Create API Client".
Copy and save your Client Credentials.