API authentication

In this article:

Bearer authentication

To work with the DataClarity API, you must authenticate the requests with Bearer Authentication. Bearer authentication is an HTTP authentication scheme involving security bearer tokens. The bearer token is a cryptic string generated by the authentication server in response to a login request. Then, the client needs to send this bearer token in the Authorization header when making requests to the DataClarity resources:

Authorization: Bearer {bearer-token}

Access tokens provide authentication for the requester and contain permissions of how the authenticated user can use the DataClarity’s API. Users who call REST API methods must have corresponding permissions to perform the task represented by each method that they want to call.

Access tokens expire after some time (30 minutes by default) and require a user to log in again.

Note: The Platform uses OpenID, an HTTP-based protocol that supports federated authentication. In other words, OpenID lets a third-party application authenticate users for you using accounts that you already have.

Get the bearer token

The client can get a user’s bearer token by sending the following API request to the authentication engine:

POST {server}/auth/realms/{tenant}/protocol/openid-connect/token

Authenticate an API request with a bearer token

After you get the bearer token, you can specify it in the authorization header of an API request.

The following is an example of the API request with a bearer token added in Authorization, where “server” is the entry point for the Platform.



curl -X GET "https://{server}/dp/api/v1/aiconnections/types" 
-H "accept: application/json" 
-H "Authorization: Bearer {bearer-token}"

Error codes related to authentication & authorization

The DataClarity‘s API uses standard HTTP response codes to indicate whether an API request was successful.

If you receive one of the following responses, it means that your request was unauthenticated or unauthorized:

Client secret authentication

You can also authenticate some API calls with a client secret instead of a Bearer token. However, such authentication works only for the API calls related to back-end services that do not require separate authentication for each user. For example, you can execute a Python code using the DataClarity Data Science engine. However, Access Manager does not provide a default Client for such purposes, and therefore a new Client should be created and configured in the master console of Access Manager. Please contact the Customer Care Team for further configuration.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.