Skip to main content
Version: 8.4

Authentication

Authenticate to access the Tasklist API.

Authentication in the cloud

To access the API endpoint, you need an access token.

Your client must send a header in each request:

Authorization: Bearer <Token>

For example, send a request using curl:

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <TOKEN>" -d '{"query": "{tasks(query:{}){name}}"}' http://localhost:8080/graphql

How to obtain the access token

You must obtain a token to use the Tasklist API. When you create a Tasklist client, you get all the information needed to connect to Tasklist.

Refer to our guide on building your own client.

The following settings are needed:

NameDescriptionDefault value
client idName of your registered client-
client secretPassword for your registered client-
audiencePermission name; if not given use default valuetasklist.camunda.io
authorization server urlToken issuer server-

Send a token issue POST request to the authorization server with the following content:

{
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"audience": "<audience>",
"grant_type": "client_credentials"
}

Refer to the following example with curl:

curl -X POST --header 'content-type: application/json' --data '{"client_id": "<client-id>", "client_secret":"<client-secret>","audience":"<audience>","grant_type":"client_credentials"}' https://<authorization server url>

If the authentication is successful, the authorization server sends back the access token, when it expires, scope, and type:

{
"access_token": "ey...",
"scope": "...",
"expires_in": 86400,
"token_type": "Bearer"
}

Authentication for Self-Managed cluster

The authentication is described in Tasklist Configuration - Authentication.