Obtain credentials

To use the SecureAuth Identity Store API in your own development environment (not in Postman), you must obtain an access token. Get an access token by first obtaining a client ID and client secret.

This topic explains how developers can obtain credentials for themselves from the Identity Store user interface (UI).

  1. Ask your administrator if you have developer privileges in the identity store you will work in. You'll need to have this privilege to see the client ID and client secret, which look like this:

    Client ID: YXBpLWNyZWQuNDhjMjFlM2YtZWMwVC00ZWI3LTg5MTctOTVhNWNiYjNmOGYyLktMiUJVdzNZdmNXbUpuRERKbEtUTmhVcC1UanVuTHJUOGWnTW44YVRpWnM=
    Client secret: S0x5QlV3M1l2Y1dtSm7EREpsS1ROaFVwLVRqdW5MclQ4ZWdNbjhhVGlac1lYQnBMV088WldRdU5EaGpNakZsTTJZdFpXTXdaQzAwWldJM0xUZzVNVGN0T1RWaE5XTmlZak5tT0dZeUxrdE1lVUpWZHpOWmRtTlhiVXB1UkVSS2JFdFVUbWhWY0MxVWFuVnVUSEpVT0dWblRXNDRZVlJwV25NPTE2MUY3OTM0OTc3Nzg5MTM1NjA=

    You need developer privileges to execute APIs, and you need privileges for the objects you will modify through the API. For example, you need group privilege to modify groups in general or dynamic group privilege to modify a specific group.

  2. Ask your administrator for your unique subdomain, which will look like this, but with your tenant specified:

    {{tenant}}.ids.secureauth.com

    Example: acme.ids.secureauth.com

  3. Open the Identity Store.

    • Obtain a link from your administrator to the Identity Store user interface, or

    • In the SecureAuth® Identity Platform, on the left side of the page, click Identity Stores.

  4. Get the client ID and client secret.

    1. Open your profile page to get your client ID and client secret.

    2. Copy your API credentials to a safe location, which is useful if you don't want to open the UI when you need them. (If you misplace your credentials, you can generate them again from here. Whenever you generate new credentials, you must request a new access token.)

  5. Set your client ID and client secret in the appropriate location in the development environment you're using.

    You now have your access token and can use it to make API calls.

  6. Send a test request.

    Send a GET Me request to view a response with information about yourself in the identity store where you will work.

    GET https://{{tenant}}.ids.secureauth.com/api/v1/ismanager/ids/{{ids_id}}/Me

    Your response will look like the following:

    {
        "addresses": [],
        "userName": "Jane Doe",
        "photos": [
            {
                "display": "/Images/48c21e3f-ec0d-4eb7-8917-95a5cbb3f8f2",
                "type": "photo",
                "primary": true
            }
        ],
        "phoneNumbers": [
            {
                "type": "work",
                "value": "+19495551212",
                "primary": true
            }
        ],
        "emails": [
            {
                "display": "janedoe@acme.com",
                "type": "work",
                "value": "janedoe@acme.com",
                "primary": true
            }
        ],
        "urn:ietf:params:scim:schemas:extension:secureauth:2.0:User": {
            "privileges": [
                {
                    "value": "7b5d89f0-9b16-4943-a005-adde4c968877"
                }
            ],
            "sessionscopes": [
                {
                    "app": "1097108499420-clbo955ge0no9b38e9qqk3d9q8oj32ll.apps.googleusercontent.com",
                    "scopesSupported": "profile email phone openid address offline_access ",
                    "scopes": "profile email phone openid address offline_access "
                }
            ],
            "resources": [
                "d39678e6-5c19-4112-7777-79e97da078f6",
                "d39678e6-5c19-4112-7777-79e97da078f6"
            ],
            "groups": [
                {
                    "groupId": "default"
                }
            ],
            "apiCredentials": [
                {
                    "date": "1615997101527110665",
                    "clientId": "YXBpLWNyZWQuNDhjMjFlM2YtZWMwZC00ZWI3LTg5MTctOTVhNWNiYjNmOGYyLmQxUVhBNWwzdURMbFZ2SExQOFpBZ2RtOTEyU2F3d1ZJU3hyOVRiQzNkWlE=",
                    "clientSecret": "ZDFRWEE1bDN1RExsVnZITFA4WkFnZG05MTJTYXd3VklTeHI5VGJDM2RaUVlYQnBMV055WldRdU5EaGpNakZsTTJZdFpXTXdaQzAwWldJM0xUZzVNVGN0T1RWaE5XTmlZak5tT0dZeUxtUXhVVmhCTld3emRVUk1iRloyU0V4UU9GcEJaMlJ0T1RFeVUyRjNkMVpKVTNoeU9WUmlRek5rV2xFPTE2MTU5OTcxMDE1MjcxMjEyMzI="
                }
            ],
            "lastLogIn": "0001-01-01T00:00:00Z",
            "lastPasswordChange": "2021-03-17T02:54:20Z",
            "status": "active"
        },
        "meta": {
            "created": "2021-02-23T03:44:38Z",
            "location": "http://g3-iscim-default-iscim-default:8080/v2/Users/48c21e3f-ec0d-4eb7-8917-95a5cbb3f8f2",
            "lastModified": "2021-03-22T15:33:24Z",
            "version": "W\/\"pg750mCbiI+nKQ/OkB/M5W/35/Q=\"",
            "resourceType": "User"
        },
        "schemas": [
            "urn:ietf:params:scim:schemas:extension:secureauth:2.0:User",
            "urn:ietf:params:scim:schemas:core:2.0:User",
            "urn:ietf:params:scim:schemas:extension:ldap:2.0:User"
        ],
        "name": {
            "givenName": "",
            "familyName": ""
        },
        "userType": "Other",
        "id": "48c21e3f-ec0d-4eb7-8917-95a5cbb3f8f2",
        "urn:ietf:params:scim:schemas:extension:ldap:2.0:User": {}
    }

    If you receive an error status, try the following:

    • Check the values in your environment variables.

    • Be sure that the access token has not expired. If the token has expired, you'll see an error message: Access token is invalid

      If the access token is the problem, see step 1 above, then send the GET Me request again.

    • If you've sent the request to the right ids_id, confirm with your admin that you are a user in that identity store.

      You might need to retrieve the list of identity stores to be sure you sent the request to the correct ids_id. In the example response above, the ids_id is 48c21e3f-ec0d-4eb7-8917-95a5cbb3f8f2, which is the numeric string after id at the bottom of the response.

  7. You can now work in the Identity Store.

    Read about the SecureAuth Identity Store API requests and parameters.
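
The Me response in step 6 returns your clientId and clientSecret under apiCredentials, so logging the raw body while testing writes live credentials into log files. The following Python is an added example, not SecureAuth code: it redacts those two fields before a response is logged. The helper names and the sample values are constructed for illustration.

```python
import copy
import json

# SCIM extension key under which the Me response carries apiCredentials.
SA_EXT = "urn:ietf:params:scim:schemas:extension:secureauth:2.0:User"
SECRET_FIELDS = ("clientId", "clientSecret")


def redact_me_response(me: dict) -> dict:
    """Return a deep copy of a Me response that is safe to log.

    clientId and clientSecret are replaced with a marker; the "date" field
    is kept so a credential set can still be identified in logs.
    """
    safe = copy.deepcopy(me)
    for cred in safe.get(SA_EXT, {}).get("apiCredentials", []):
        for field in SECRET_FIELDS:
            if isinstance(cred.get(field), str):
                cred[field] = "[REDACTED]"
    return safe


def contains_secret(text: str, me: dict) -> bool:
    """True if any original credential value appears verbatim in `text`."""
    creds = me.get(SA_EXT, {}).get("apiCredentials", [])
    return any(c.get(f) and c[f] in text for c in creds for f in SECRET_FIELDS)


# Constructed sample: a trimmed Me response with made-up credential values.
SAMPLE_ME = {
    "userName": "Jane Doe",
    "id": "00000000-0000-0000-0000-000000000000",
    SA_EXT: {
        "apiCredentials": [
            {"date": "1615997101527110665",
             "clientId": "Q09OU1RSVUNURUQtSUQ=",
             "clientSecret": "Q09OU1RSVUNURUQtU0VDUkVU"}
        ],
        "status": "active",
    },
}

if __name__ == "__main__":
    log_line = json.dumps(redact_me_response(SAMPLE_ME))
    print(log_line)
    print("leaked:", contains_secret(log_line, SAMPLE_ME))
```

Running contains_secret over existing log files with a real Me response is a quick way to find places where credentials were already written out and need to be regenerated.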