Authenticating with the RiskLens API
The RiskLens API uses the OAuth 2 standard for authentication. This requires API consumers to first authenticate with the RiskLens authentication server to receive a bearer token for all subsequent API requests.
Authentication Servers
The authentication call does not use the same URL as the RiskLens API. Use one of the URLs below for authentication requests.
RiskLens Customers: https://v3.risklens.com/auth/connect/token
RSA CRQ Customers: https://rsav3.risklens.com/auth/connect/token
Code Example
The following code example shows how to obtain an access token. The request is done with cURL but can be done in any language. The client_id and client_secret are the ones provided when you create an API client in RiskLens.
cURL Authentication Request Example
curl --location --request POST 'https://v3.risklens.com/auth/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'User-Agent: PostmanRuntime/7.26.8' \
--header 'Accept: */*' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=your_client_id' \
--data-urlencode 'client_secret=your_client_secret' \
--data-urlencode 'audience=api' \
--output 'token.json'
The response provides an access token, specifies how long it is valid, and gives the token type. All returned tokens are currently bearer tokens. These tokens are used on all subsequent calls to the RiskLens API. When the token expires, you will need to request a new token.
JSON Response Body Example
{
"access_token": "your_access_token",
"expires_in": 3600,
"token_type": "Bearer"
}
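The same token request in Python, with expiry tracking so that a new token is requested before the old one lapses. This is an added example, not RiskLens code; the environment variable names, the 60-second refresh margin and the Authorization header form (the usual RFC 6750 one) are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass

TOKEN_URL = "https://v3.risklens.com/auth/connect/token"  # RiskLens customers URL from the page

@dataclass
class Token:
    access_token: str
    expires_at: float  # absolute epoch seconds, derived from expires_in

    def needs_refresh(self, now=None, skew=60):
        # Refresh early (assumed 60 s margin) so no call goes out with a token expiring in flight.
        return (time.time() if now is None else now) >= self.expires_at - skew

def build_token_request(client_id, client_secret, url=TOKEN_URL):
    # Same form fields as the cURL example; the secret travels only in the POST body.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": "api",
    }).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    issued = time.time() if now is None else now
    return Token(doc["access_token"], issued + int(doc["expires_in"]))

def fetch_token():
    # Hypothetical env var names; keeps credentials out of source and shell history.
    req = build_token_request(os.environ["RISKLENS_CLIENT_ID"],
                              os.environ["RISKLENS_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())

def auth_header(token):
    # Assumed header form for subsequent API calls (standard bearer usage).
    return {"Authorization": f"Bearer {token.access_token}"}

# Constructed sample mirroring the JSON response body shown on the page.
SAMPLE = '{"access_token": "your_access_token", "expires_in": 3600, "token_type": "Bearer"}'
```

Call `fetch_token()` once, reuse the result, and call it again only when `needs_refresh()` returns true; holding the token in memory avoids leaving a `token.json` on disk.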