Authentication
All Operate REST API requests require authentication.
Authentication for SaaS​
Authentication via JWT access token​
You must pass an access token as a header in each request to the SaaS Operate API. When you create an Operate client, you get all the information needed to connect to Operate.
The following settings are needed to request a token:
| Name | Description | Default value |
|---|---|---|
| client id | Name of your registered client | - |
| client secret | Password for your registered client | - |
| audience | Permission name; if not given use default value | operate.camunda.io |
| authorization server url | Token issuer server | - |
For more information on how to get these values for Camunda 8, read Manage API Clients.
Send a token issue POST request to the authorization server with the required settings:
curl -X POST -H 'content-type: application/json' -d '{"client_id": "RgVdPv...", "client_secret":"eDS1~Hg...","audience":"operate.camunda.io","grant_type":"client_credentials"}' https://login.cloud.camunda.io/oauth/token
You will get something like the following:
{
"access_token": "eyJhbG...",
"scope": "f408ca38-....",
"expires_in": 58847,
"token_type": "Bearer"
}
Capture the access_token value from the response object. In each request to the Operate API, include it as an authorization header:
Authorization: Bearer eyJHb...
Authentication for Self-Managed cluster​
Authentication via Identity JWT access token​
This authentication method is described in Operate Configuration - Authentication.
Authentication via cookie​
Another way to access the Operate API in a Self-Managed cluster is to send cookie headers in each request. The cookie can be obtained by using the API endpoint /api/login. Take the steps in the following example:
Example:
- Log in as user 'demo' and store the cookie in the file
cookie.txt.
curl -c cookie.txt -X POST 'http://localhost:8080/api/login?username=demo&password=demo'
- Send the cookie (as a header) in each API request. In this case, request all process definitions.
curl -b cookie.txt -X POST 'http://localhost:8080/v1/process-definitions/search' -H 'Content-Type: application/json' -d '{}'