Skip to main content
Version: 8.4

Authentication

All Operate REST API requests require authentication.

Authentication for SaaS

Authentication via JWT access token

You must pass an access token as a header in each request to the SaaS Operate API. When you create an Operate client, you get all the information needed to connect to Operate.

The following settings are needed to request a token:

NameDescriptionDefault value
client idName of your registered client-
client secretPassword for your registered client-
audiencePermission name; if not given use default valueoperate.camunda.io
authorization server urlToken issuer server-
note

For more information on how to get these values for Camunda 8, read Manage API Clients.

Send a token issue POST request to the authorization server with the required settings:

curl -X POST -H 'content-type: application/json' -d '{"client_id": "RgVdPv...", "client_secret":"eDS1~Hg...","audience":"operate.camunda.io","grant_type":"client_credentials"}' https://login.cloud.camunda.io/oauth/token

You will get something like the following:

{
"access_token": "eyJhbG...",
"scope": "f408ca38-....",
"expires_in": 58847,
"token_type": "Bearer"
}

Capture the access_token value from the response object. In each request to the Operate API, include it as an authorization header:

Authorization: Bearer eyJHb...

Authentication for Self-Managed cluster

Authentication via Identity JWT access token

This authentication method is described in Operate Configuration - Authentication.

Another way to access the Operate API in a Self-Managed cluster is to send cookie headers in each request. The cookie can be obtained by using the API endpoint /api/login. Take the steps in the following example:

Example:

  1. Log in as user 'demo' and store the cookie in the file cookie.txt.
curl -c cookie.txt -X POST 'http://localhost:8080/api/login?username=demo&password=demo'
  1. Send the cookie (as a header) in each API request. In this case, request all process definitions.
curl -b cookie.txt -X POST 'http://localhost:8080/v1/process-definitions/search' -H 'Content-Type: application/json' -d '{}'