User Authentication

The method used to configure authentication varies depending on what type of authentication you wish to perform. More details can be found here

Every authentication creates a session that grants a bearer token which can be passed for any other API requests. Please note that the bearer token expires if the session remains inactive for a long period of time. Please check with Fortanix DSM admin for the expiration values. By default, user sessions expire after 24 hours and app sessions expire after 10 min if remained idle.

 The sample code below authenticates using provided credentials and then saves the bearer token in the API Client for subsequent use by other API requests.

User Authentication

This example describes user authentication using a user’s email and password.

If a user is part of multiple accounts, you must first select a particular account, before proceeding to key management operations.

How to get account Id: Go to Account Settings.  Copy the Account ID displayed on the right.

Fortanix_DSM__Account_settings.pngFigure 1: Account ID


Configuration.Default.BasePath = "<Endpoint URL>";
Configuration.Default.Username = <user email>;
Configuration.Default.Password = <user password>;

AuthenticationApi authenticationApi = new AuthenticationApi();
AuthResponse response = authenticationApi.Authorize();
Configuration.Default.AddApiKey("Authorization", response.AccessToken);
Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer"); //Select account SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>); authenticationApi.SelectAccount(request);


client := sdkms.Client{
       Endpoint: "<Endpoint URL>",
       HTTPClient: http.DefaultClient,
ctx := context.Background()
_, err := client. AuthenticateWithUserPass(ctx, <user email>, <user password>)

#Select account
request := sdkms.SelectAccountRequest {
            AcctId: <Account Id>
_, err = client.SelectAccount(ctx, request)


ApiClient apiClient = new ApiClient();
apiClient.setBasePath(<Endpoint URL>);
apiClient.setUsername(<user email>);
apiClient.setPassword(<user password>);
AuthenticationApi authenticationApi = new AuthenticationApi(apiClient);
AuthResponse authResponse = authenticationApi.authorize();
ApiKeyAuth bearerTokenAuth = (ApiKeyAuth) apiClient.getAuthentication("bearerToken");

//Select account
SelectAccountRequest request = new SelectAccountRequest().acctId(<Account Id>);


config = sdkms.v1.Configuration() = "<Endpoint URL>"
config.username = <user email>
config.password = <user password>
client = sdkms.v1.ApiClient(configuration=config)
auth_instance = sdkms.v1.AuthenticationApi(api_client=client)
auth = auth_instance.authorize()
config.api_key['Authorization'] = auth.access_token
config.api_key_prefix['Authorization'] = 'Bearer' #Select account request = sdkms.v1.SelectAccountRequest(<account id>) auth_instance.select_account(request)

REST API using curl

$ curl <Endpoint URL>/sys/v1/session/auth -X POST -u <user email>:<user password>
{"token_type":"Bearer","expires_in":600,"access_token":"YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g","entity_id":"7916b324-33a1-4a06-8778-59ec0492bb10"}
#select account
$ curl <Endpoint URL>/sys/v1/session/select_account -H 'Authorization: Bearer YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g ' -d '{"acct_id": "<account id>"}'
#use the "access_token" as Bearer Auth in other API requests. E.g: 
$ curl <Endpoint URL>/other_apis -H 'Authorization: Bearer YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g ' ...


Article is closed for comments.

Was this article helpful?
0 out of 0 found this helpful