Skip to main content

Authenticating API requests to cloud editions of Qlik Sense Enterprise

Cloud editions of Qlik Sense Enterprise offers a choice of two methods for authenticating API requests: API keys or client credentials grant.

An API key is both a unique identifier and a secret authentication token that is passed to the API to identify the calling application or user. Before you can retrieve your personal identifier or API key, a tenant admin must first register you as a user and assign you the Developer role. Once an API key with a unique value has been assigned to you, it must be included as a bearer token in the HTTP Authorization header in your API request. With a valid API key included in the request, Qlik Sense can identify you and grant you access. API keys are typically used for day-to-day activities such as running automation scripts. In essence, an API key is a programmatic alternative solution for user sessions in a web browser. Instead of a cookie, you authenticate yourself using a key generated by you that uniquely identifies you in the system. For more information, see Managing API keys.

The client credentials grant is primarily used for Qlik Sense Enterprise on Windows integration among other possibilities. It provides a tenant global credential with elevated privilege in the configured IdP, so care should be exercised when giving access to applications and users. There is no user identity context with the client credentials grant. For more information, see Authenticating API requests to cloud editions of Qlik Sense Enterprise using client credentials grant.