Skip to main content Skip to complementary content

Generating a service account token

Call the /security/oauth/token endpoint to generate a token for a service account.

Before you begin

  • The service account for which you generate a token must already exist.
  • You have combined the ID and the secret of this service account in the following format: ID:secret and encoded this pair in a Base64 encode application of your choice.

    Talend API Tester provides a native tool to do the Base64 encoding. If you use Talend API Tester to test this use case, follow Adding the Authorization header to encode your ID:secret pair.

About this task

In this section, the following API call is issued:
method: POST
endpoint: https://api.<env>.cloud.talend.com/security/oauth/token
headers: {
 "Content-Type": "application/json",
 "Authorization": "Basic <encoded_Base64_value_of_id-secret_pair>"
}
payload: {
  "audience":"https://api.<env>.cloud.talend.com",
  "grant_type":"client_credentials"
}
It is implemented in Talend API Tester for demonstration purposes.

Procedure

  1. To generate a token, select POST from the Method list and in the field aside, enter the token endpoint to be used: https://api.<env>.cloud.talend.com/security/oauth/token
  2. Click Add header twice to add tow rows and enter the following key:value pairs:
    • Content-Type : application/json.
    • Authorization : Basic <encoded_Base64_value_of_id-secret_pair>
  3. In the Body area, enter the content of this call.

    Example

    {
  "audience":"https://api.<env>.cloud.talend.com",
  "grant_type":"client_credentials"
}
    • The code 200 is returned with a token. This is the only time you see this token. Keep this token in a secret place. The service account needs this token to successfully issue API calls.
    • When using this token in the Authorization header to issue an API call, always add Bearer preceding a whitespace and then the actual token value. For example, Bearer your_service_account_token. This example, Using a service account to get users, shows how a service account token is used in an API request.
    • This token expires after 30 minutes.

      Cache or store this token and reuse it until it expires. Then use this base64 ID:secret combination again to obtain a new token.

  4. Save this API request and name it, for example, as Renew the SAT, so that you can reuse it to refresh the token.

Results

Your service account is ready to be used to call Talend services.

What to do next

You need to monitor when your token expires, in either a reactive or a proactive manner.
  • Reactive: assume that the token is valid in every request and take action when you receive the response saying 401 unauthorized.
  • Proactive: once generated, a token is valid for 30 minutes. Be aware of the expiration time and renew the token accordingly.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here