Guides
FEEDBACKGet Updates
Start typing to search…

Authentication

The authentication of the API is based on a OAuth2 clients credentials flow, which generally speaking means you need to use a long-lived secret to generate a short-lived access token with which you can access the API resources.

API endpoints in this page
  1. Create an access token for consuming the API.
🪪

Your vendor id is: {user.vendor_id}

Perquisites

To successfully authenticate your application and access our APIs, you will need the following five pieces of information:

  1. Tenant URL: The customer's specific Armis Centrix™ instance URL, including the trailing slash (e.g., https://acme.armis.com/). Please obtain this directly from your Armis customer representative.
  2. Vendor ID: An identifier unique to your developer account or integration, obtained when you register on our developer portal. Your vendor id is {user.vendor_id}.
  3. Client ID: The email address of the user account within Armis Centrix™ that was used to generate the Secret Key.
  4. Secret Key: The confidential credential generated by your customer within the Armis Centrix™ user interface, paired with the Client ID.
  5. Scopes: The specific permissions required by your access token to interact with the desired API endpoints. Each API endpoint's documentation will specify its necessary scopes.
📘

Don't have a Secret Key yet?

No problem! Just ask your customer to navigate to /settings/api-management within their Armis Centrix™ tenant. They can generate a Secret Key for you there. Once you receive it, make sure to store it somewhere safe and secure!

Obtaining an access token

To access the API, you must first obtain an access token by making a POST request to the /oauth/token endpoint.

Example

curl -X 'POST' \
  'https://api.armis.com/v3/oauth/token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "audience": "<tenant_url>",
  "client_id": "<client_id>",
  "client_secret": "<client_secret>",
  "grant_type": "client_credentials",
  "vendor_id": "{user.vendor_id}",
  "scopes": ["<scope1>", "<scope2>"]
}'
{
    "access_token": "<access_token>",
    "token_type": "Bearer",
    "expires_in": 900
}

Detailed recipe

Obtain an access token
Open Recipe

Calling API endpoints

Once you have obtained an access token, it must be included in the Authorization header as a Bearer token for all subsequent API calls.

## Example

curl 'https://api.armis.com/v3/some/endpoint' \
  -H 'Authorization: Bearer <access_token>'

Updated about 1 month ago