| copyright | lastupdated | subcollection | ||
|---|---|---|---|---|
|
2021-05-05 |
AnalyticsEngine |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:pre: .pre} {:tip: .tip} {:note: .note} {:important: .important}
{: #retrieve-iam-token-serverless}
Get started with the {{site.data.keyword.iae_full_notm}} API by authenticating your requests to the service with an {{site.data.keyword.Bluemix_short}} Identity and Access Management (IAM) access token.
An access token is a temporary credential that expires after 1 hour. After the acquired token expires, you must generate a new token to continue calling the {{site.data.keyword.iae_full_notm}} API. To maintain access to the service, regenerate the access token for your API key on a regular basis. {: important}
The recommended method to retrieve a token programmatically is to create an API key for your {{site.data.keyword.Bluemix_short}} ID and then use the IAM token API to exchange that key for a token.
You can create a token in two ways:
- By using the {{site.data.keyword.Bluemix_notm}} REST API
- By using the {{site.data.keyword.Bluemix_short}} CLI
{: #create-token-with-ibm-cloud-rest-api}
To create a token in {{site.data.keyword.Bluemix_notm}}:
-
Sign in to {{site.data.keyword.Bluemix_notm}} and select Manage>Security>Platform API Keys.
-
Create an API key for your own personal identity, copy the key value, and save it in a secure place. After you leave the page, you will no longer be able to access this value.
-
Use the API key you created with the IAM identity token API to generate an IAM token. For example:
curl -X POST \ 'https://iam.cloud.ibm.com/identity/token' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=<your iam api key>'
{: codeblock}
For details on the API syntax, see IAM identity token API.
This is a sample of what is returned:
{ "access_token": "eyJraWQiOiIyMDE3MDgwOS0wMDowMDowMCIsImFsZyI6…", "refresh_token": "zmRTQFKhASUdF76Av6IUzi9dtB7ip8F2XV5fNgoRQ0mbQgD5XCeWkQhjlJ1dZi8K…", "token_type": "Bearer", "expires_in": 3600, "expiration": 1505865282 } -
Use the value of the
access_tokenproperty for your {{site.data.keyword.iae_full_notm}} API calls. Set theaccess_tokenvalue as the authorization header parameter for requests to the {{site.data.keyword.iae_full_notm}} APIs. The format isAuthorization: Bearer <access_token_value>.For example:
Authorization: Bearer eyJraWQiOiIyMDE3MDgwOS0wMDowMDowMCIsImFsZyI6IlJTMjU2In0...
{: #create-token-with-ibm-cloud-cli}
Before you can create a token by using the {{site.data.keyword.Bluemix_notm}} CLI, check that you have met the following prerequisites:
- You have a valid IBMid.
- You have downloaded and installed the {{site.data.keyword.Bluemix_notm}} CLI.
To create a token using {{site.data.keyword.Bluemix_notm}} CLI:
-
Log in to the {{site.data.keyword.Bluemix_notm}} CLI:
ibmcloud api https://cloud.ibm.com ibmcloud login <enter your credentials>
{: codeblock}
If you have multiple {{site.data.keyword.Bluemix_notm}} accounts, you'll be asked to choose an account for the current session. Also, you'll need to choose an organization and space in {{site.data.keyword.Bluemix_notm}}.
-
Fetch the IAM access token:
ibmcloud iam oauth-tokens
{: codeblock}
The output returns the IAM token.
When you use the token, remove
Bearerfrom the value of the token that you pass in API calls. {: note}