Public API v1 → Create Token Endpoint
About the /tokens endpoint
When requesting your initial access and refresh tokens, you will access the /tokens endpoint with a POST request. Access tokens allow request access to other API endpoints. A refresh token is paired with your access token, and is used in the /refresh endpoint to obtain new access and refresh tokens. Subsequent requests for a refreshed access token will use the /refresh endpoint.
For information about how to get started with Public API v1, refer to References → Public API v1.
For information about how to refresh an access token, refer to Public API v1 → Refresh Token Endpoint.
Access tokens have a ten minute expiration and refresh tokens have a thirty minute expiration.
Use the HTTPS
or HTTP
scheme according to your installation.
Request URL
Use one of the following URLs to call the /tokens endpoint.
https://<cluster_URL>/incorta/api/v1/tokens
https://<server address>:<port>/incorta/api/v1/tokens
Request body
Following is a json template of a /tokens endpoint request:
{"tenantName": "string","loginName": "string","requestHash": "string","timestamp": number}
tenantName: String value of the user’s tenant
loginName: String value of the user login name.
requestHash: A concatenated hex string, using the sha256 hashing algorithm, of the API Key and the request epoch timestamp in milliseconds.
timestamp: The request epoch timestamp in milliseconds
The loginName value is the user login name and not the user display name.
By default, there is a 30 minute valid window between the request timestamp and the receiving endpoint timestamp. You can configure the valid request duration in the internal configurations, “public.apis.tokens.request.duration”.
Creating a requestHash and timestamp
The following are simple example code snippets for creating your timestamp and requestHash values. Be aware that the syntax and methods used may vary depending on your language version.
Python version: 3.5
import hashlibimport timeimport calendar# Create the epoch millisecond timestamptimestamp = calendar.timegm(time.gmtime()) * 1000# Enter the user API key as a stringapi_key = "<Your API key>"# Concatenate the api_key and timestamp stringsrequest = (api_key + str(timestamp)).encode('utf-8')# Generate the request hash stringrequest_hash = hashlib.sha256(request).hexdigest()print (f"The epoch timestamp in milliseconds is: {timestamp}")print ("The sha256 request hash is: " + request_hash)
Javascript version ES8
async function digestMessage(message) {// Encode as UTF-8const msgBuffer = new TextEncoder().encode(message);// Hash the messageconst hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);// Convert ArrayBuffer to Arrayconst hashArray = Array.from(new Uint8Array(hashBuffer));// Convert bytes to hex stringconst hashHex = hashArray.map(b => ('00' + b.toString(16)).slice(-2)).join('');console.log("The request hash is: " + hashHex);}// Create timestampconst timestamp = Date.now();// The user API key as stringconst api_key = "<Your API Key>";// Concatenate the api_key and timestampconst request = api_key + timestamp;console.log( "The epoch timestamp in milliseconds is: " + timestamp );digestMessage(request);
Java version 11
import java.time.Instant;import java.security.MessageDigest;public class Main {public static void main(String args[]) {// Create the epoch timestamp string in millisecondsString timestamp = Long.toString(Instant.now().toEpochMilli());System.out.println("The epoch timestamp is: " + timestamp);// The user API key as a stringString api_key = "<Your API Key>";// Concatenate the api_key and timestamp stringsString request = api_key + timestamp;// Generate the requestHash stringString request_hash = sha256(request);System.out.println(request_hash);}// Sha256 hashing functionpublic static String sha256(String base) {try{MessageDigest digest = MessageDigest.getInstance("SHA-256");byte[] hash = digest.digest(base.getBytes("UTF-8"));StringBuffer hexString = new StringBuffer();for (int i = 0; i < hash.length; i++) {String hex = Integer.toHexString(0xff & hash[i]);if(hex.length() == 1) hexString.append('0');hexString.append(hex);}return hexString.toString();} catch(Exception ex){throw new RuntimeException(ex);}}}
In this Java example, we provide a hashing function for ease of use. As a best practice you can use a public library such as the Apache Commons Codec or Guava: Google Core Libraries for your hashing function.
C# version: 4.0
using System;using System.Security.Cryptography;using System.Text;public class Program {public static void Main(string[] args) {// Get the current timestampDateTimeOffset now = DateTimeOffset.UtcNow;// Convert the timestamp to Unix epoch in millisecondsstring timestamp = now.ToUnixTimeMilliseconds().ToString();Console.WriteLine("The epoch timestamp is: " + timestamp);// The user API key as a stringstring api_key = "<Your API Key>";// Concatenate the api_key and timestamp stringsstring request = api_key + timestamp;// Generate the request hash stringusing (SHA256 sha256Hash = SHA256.Create()){string hash = GetHash(sha256Hash, request);Console.WriteLine("The SHA256 request hash is: " + hash);}}private static string GetHash(HashAlgorithm hashAlgorithm, string input){// Convert the input string to a byte array and compute the hash.byte[] data = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(input));// Create a new Stringbuilder to collect the bytes// and create a string.var sBuilder = new StringBuilder();// Loop through each byte of the hashed data// and format each one as a hexadecimal string.for (int i = 0; i < data.Length; i++){sBuilder.Append(data[i].ToString("x2"));}// Return the hexadecimal string.return sBuilder.ToString();}}
Request hash alternatives
Instead of using a programmatic solution to generate your request hash, you can use resources available online. A site such as currentmillis can be used to get your current timestamp in milliseconds. A hash converter such as emn178.github.io can be used to encode your API key and timestamp. Any generated request hash will always expire 30 minutes after being generated.
Endpoint response
The /tokens endpoint has five possible response codes and payloads.
Code | Description | Payload Response |
---|---|---|
201 | Created | See Token creation: 201 Response |
400 | Bad Request | {"message": "string"} |
401 | Unauthorized | {"message": "string"} |
404 | Not Found | {"message": "string"} |
500 | Internal Server Error | {"message": "string"} |
Endpoint 201 response
{"accessToken": "string","refreshToken": "string","type": "string","accessTokenExpiresAt": number,"refreshTokenExpiresAt": number}
The expire values are in unix epoch time in milliseconds.