Skip to main content
Each configured user has the option to authenticate to the Admin API with either an authtoken or OAuth 2.0. For more information about configuring users and user roles, see User Management and Roles.

Using Authtokens

Authtokens can be used within API requests in several ways:
  • Include an x-cdata-authtoken header in the HTTP request with the value set to an appropriate user’s authtoken
  • Treat the user and authtoken as a username/password combination for HTTP Basic Authentication
  • Include the authtoken in the request URL as a query parameter
To include the authtoken in the request URL, follow these steps:
  1. Open the Settings page.
  2. Select the Admin API tab.
  3. In the Other Settings section, select Allow Authtoken in URL.
The syntax of the authtoken query parameter is @authtoken=myAuthTokenValue.

Using OAuth 2.0

OAuth 2.0 provides a structured authentication flow for clients that need to manage token lifecycles or integrate with external applications. To enable OAuth 2.0, follow these steps:
  1. Click the Settings icon on the navbar.
  2. Click Add User to add a new user or click the link on an existing user’s name to edit a user.
  3. Click the API Access tab, then check Enable OAuth Access. Complete the following fields:
    FieldDescription
    Grant TypeThe OAuth 2.0 grant type that determines how the client application obtains an access token. Client Credentials is currently the only option.
    Client IdThe system-generated client Id token.
    Client SecretThe system-generated client secret. Make sure to copy it to a safe location before saving the user, because it is not shown again.
    Access URLThe endpoint URL used by the client application to request an access token using the configured credentials.