Retrieve a Token

Learn how the API client retrieves a token for SaaS Security API.
The API client can retrieve a token for SaaS Security API using
POST
request to the
/oauth/token
endpoint. To request a token, SaaS Security API submits the request with the OAuth2 client credentials.

Request Headers

Name
Description
Authorization
Base 64 encoded authorization header with (
client_id
,
client_secret
)—delimited with a colon (:)—with grant type and corresponding scope. Example:
Base64(acme:acmesecret)
.
Use the SaaS Security web interface to generate Client ID and Client Secret.

Request Parameters

Parameter
Description
grant_type
OAuth2 grant type. Only client credentials are supported:
grant_type
must be set to
client_credentials
.
scope
Scopes the AP client app is requesting:

Example Request

POST /oauth/token HTTP/1.1 Authorization: Basic YWNtZTphY21lc2VjcmV0 Accept: application/json Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1 Host: api.aperture.paloaltonetworks.com grant_type=client_credentials&scope=api_access

Example Response

HTTP/1.1 200 OK { "access_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJhcGlfYWNjZXNzIl0sImV4cCI6MTQ5MTUy MzA4OCwianRpIjoiZDY2YWJmYWQtOGMzYy00MGQxLThjMWYtOTFjYzBlMTkzMWYxIiwidGVuYW50IjoidGVzdC B0ZW5hbnQiLCJjbGllbnRfaWQiOiJhY21lIn0.vxao73NJcehYkngrI9WvHIxugbhDzOEWDBbR4TS99Eg", "token_type" : "bearer", "expires_in" : 7199, "scope" : "api_access", "tenant" : "test tenant", "jti" : "d66abfad-8c3c-40d1-8c1f-91cc0e1931f1" }

Response Fields

The following table displays the response fields used when you attempt to get a token.
Path
Type
Description
access_token
String
Access token for requests
token_type
String
Type of token
expires_in
Number
Number of seconds until the token expires. No value means it does not expire.
scope
String
Scopes granted
jti
String
Token ID
tenant
String
Tenant name

Recommended For You