Guides
FEEDBACKGet API Updates
Start typing to search…
  1. documentation

Authentication

The authentication of the API is based on a OAuth2 clients credentials flow, which generally speaking means you need to use a long-lived secret to generate a short-lived access token with which you can access the API resources.

API endpoints in this page
  1. Create an access token for consuming the API.
🪪

Your vendor id is: {user.vendor_id}

Perquisites

To successfully authenticate your application and access our APIs, you will need the following five pieces of information:

  1. Tenant URL: The customer's specific Armis Centrix™ instance URL, including the trailing slash (e.g., https://acme.armis.com/). Please obtain this directly from your Armis customer representative.
  2. Vendor ID: An identifier unique to your developer account or integration, obtained when you register on our developer portal. Your vendor id is {user.vendor_id}.
  3. Client ID: The email address of the user account within Armis Centrix™ that was used to generate the Secret Key.
  4. Secret Key: The confidential credential generated by your customer within the Armis Centrix™ user interface, paired with the Client ID.
  5. Scopes: The specific permissions required by your access token to interact with the desired API endpoints. Each API endpoint's documentation will specify its necessary scopes.
📘

Don't have a Secret Key yet?

No problem! Just ask your customer to navigate to /settings/api-management within their Armis Centrix™ tenant. They can generate a Secret Key for you there. Once you receive it, make sure to store it somewhere safe and secure!

📘

The FULL_VISIBILITY scope

This is a special scope that is automatically associated with any user that has access to data from all sites and all boundaries in a tenant.

Obtaining an access token

To access the API, you must first obtain an access token by making a POST request to the /oauth/token endpoint.

Example

curl -X 'POST' \
  'https://api.armis.com/v3/oauth/token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "audience": "<tenant_url>",
  "client_id": "<client_id>",
  "client_secret": "<client_secret>",
  "grant_type": "client_credentials",
  "vendor_id": "{user.vendor_id}",
  "scopes": ["<scope1>", "<scope2>"]
}'
{
    "access_token": "<access_token>",
    "token_type": "Bearer",
    "expires_in": 900
}

Detailed recipe

Calling API endpoints

Once you have obtained an access token, it must be included in the Authorization header as a Bearer token for all subsequent API calls.

## Example

curl 'https://api.armis.com/v3/some/endpoint' \
  -H 'Authorization: Bearer <access_token>'

Updated about 2 months ago