Authenticating with the RiskLens API

The RiskLens API uses the OAuth 2 standard for authentication. This requires API consumers to first authenticate with the RiskLens authentication server to receive a bearer token for all subsequent API requests.

Authentication Servers

The authentication call does not use the same URL as the RiskLens API. Use one of the URLs below for authentication requests.

RiskLens Customers: https://v3.risklens.com/auth/connect/token

RSA CRQ Customers: https://rsav3.risklens.com/auth/connect/token

Code Example

The following code example shows how to obtain an access token. The request is done with cURL but can be done in any language. The client_id and client_secret are the ones provided when you create an API client in RiskLens.

cURL Authentication Request Example

curl --location --request POST 'https://v3.risklens.com/auth/connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --header 'User-Agent: PostmanRuntime/7.26.8' \
    --header 'Accept: */*' \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode 'client_id=your_client_id' \
    --data-urlencode 'client_secret=your_client_secret' \
    --data-urlencode 'audience=api' \
    --output 'token.json'

The response provides an access token, the token type, and how long the token is valid. All tokens that are returned are current bearer tokens. These tokens are used on all subsequent calls to the RiskLens API. When the token expires, you will need to request a new token.

JSON Response Body Example

{
    "access_token": "your_access_token",
    "expires_in": 3600,
    "token_type": "Bearer"
}
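
Python Token Handling Example

The following is an added example, not RiskLens code: it sends the same client-credentials request as the cURL call above, keeps the token in memory instead of writing token.json, and requests a new token shortly before the old one expires. The TokenCache class, the from_environment helper, the RISKLENS_CLIENT_ID and RISKLENS_CLIENT_SECRET variable names, and the 60-second skew are assumptions; expires_in is treated as seconds, per the OAuth 2 convention.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://v3.risklens.com/auth/connect/token"  # RiskLens customers URL from this page


def http_post_form(url, fields):
    """POST form-encoded fields and return the decoded JSON response body."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuses a bearer token until shortly before it expires."""

    def __init__(self, client_id, client_secret, url=TOKEN_URL,
                 post=http_post_form, clock=time.monotonic, skew=60):
        if not url.lower().startswith("https://"):
            raise ValueError("token endpoint must use HTTPS")
        self._fields = {"grant_type": "client_credentials", "client_id": client_id,
                        "client_secret": client_secret, "audience": "api"}
        self._url, self._post, self._clock, self._skew = url, post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return the cached token, requesting a new one when it is near expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(self._url, self._fields)
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            # Assumption: expires_in is in seconds; refresh `skew` seconds early.
            self._expires_at = self._clock() + max(int(reply["expires_in"]) - self._skew, 0)
        return self._token

    def auth_header(self):
        """Header to attach to subsequent RiskLens API requests."""
        return {"Authorization": "Bearer " + self.token()}


def from_environment(**kwargs):
    # Assumed variable names; keeps the secret out of argv and shell history.
    return TokenCache(os.environ["RISKLENS_CLIENT_ID"],
                      os.environ["RISKLENS_CLIENT_SECRET"], **kwargs)
```

RSA CRQ customers would pass the rsav3 URL listed above as the url argument.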