Search

Authentication

Version 26.2.9620

Authentication

Version 26.2.9620

Each configured CData Arc user has the option to authenticate to the Admin API with either an authtoken or OAuth 2.0. For more information about configuring users and user roles, see User Management and Roles.

Using Authtokens

Authtokens can be used within API requests in several ways:

  • Include an x-cdata-authtoken header in the HTTP request with the value set to an appropriate user’s authtoken
  • Treat the user and authtoken as a username/password combination for HTTP Basic Authentication
  • Include the authtoken in the request URL as a query parameter

This example uses the authtoken header (x-cdata-authtoken) as the authentication method. To use that method:

  1. Click the Settings icon on the navbar.

  2. Click Add User to add a new user or click the link on an existing user’s name to edit a user.

  3. Click the API Access tab, then check the API Access checkbox to display an authtoken. Copy the token to a safe place because the dialog is not shown again. If you lose or delete your authtoken, you must create a new one.

  4. Click Save.

To include the authtoken in the request URL, follow these steps:

  1. Open the Settings page.

  2. Select the Admin API tab.

  3. In the Other Settings section, select Allow Authtoken in URL.

The syntax of the authtoken query parameter is @authtoken=myAuthTokenValue.

Using OAuth 2.0

OAuth 2.0 provides a structured authentication flow for clients that need to manage token lifecycles or integrate with external applications.

To enable OAuth 2.0, follow these steps:

  1. Click the Settings icon on the navbar.

  2. Click Add User to add a new user or click the link on an existing user’s name to edit a user.

  3. Click the API Access tab, then check Enable OAuth Access. Complete the following fields:

  • Grant Type The OAuth 2.0 grant type that determines how the client application obtains an access token. Client Credentials is currently the only option.
  • Client Id The system-generated client Id token.
  • Client Secret The system-generated client secret. Make sure to copy it to a safe location before saving the user, because it is not shown again.
  • Access URL The endpoint URL used by the client application to request an access token using the configured credentials.