Cortex® Xpanse™ provides the bearer token as part of
the on-boarding process for API access.
Cortex® Xpanse™ is moving away from refresh tokens
for API access credentials and implementing the OAuth2.0 standard
client credentials grant type. Self-service client credentials are
currently supported for the Cortex Xpanse SDK and custom integrations.
You are not required to use client credentials at this time, but
it is recommended. Support for client credentials for Cortex Xpanse-built
integrations will be added in a future release. We will notify you
when your Cortex Xpanse integration is ready for use with client
The Cortex® Xpanse™ Expander API is only available via HTTPS.
The API provides authentication via long-lived refresh tokens and
If you require a new refresh token or need to rotate your existing
refresh token, contact your Customer Success Manager.