- 17 Oct 2023
- 1 Minute to read
- DarkLight
Authentication
- Updated on 17 Oct 2023
- 1 Minute to read
- DarkLight
Torq REST API uses bearer tokens to authenticate requests. You generate a bearer token by sending a request to the Torq authentication server. In the request to the authentication server you'll provide your Torq API key, which consists of a client id and client secret. After a successful request to the authentication server you'll receive a bearer token that you will pass in the Authorization header for all Torq API requests.
Create an API key
The API key consists of a client_id and client_secret . These credentials are used to authenticate when you request a bearer token.
API keys are workspace-specific. This means that requests are made on the workspace where the API key used to create the bearer token was created. Make sure the API key you're using to generate the bearer token was created in the workspace you want to run the requests on.
- In Torq, click your workspace icon/avatar.
- Click API Keys > Create API Key.
- Give the API key a meaningful name and click Create.
- Copy the Client ID and Client Secret to a safe place. You won't be able to access the Client Secret later.
Generate a bearer token
To generate the bearer token, send a request to the endpoint: https://auth.torq.io/v1/auth/token . See the sample request below for the full request.
Replace <CLIENT_ID>_and _<_CLIENT_SECRET> with the client ID and client secret you received when you created the API key.
Sample request - cURL
curl POST https://auth.torq.io/v1/auth/token -H "Accept: application/json" -H "Accept-Language: en_US" -u "<CLIENT_ID>:<CLIENT_SECRET>" -d "grant_type=client_credentials"
Sample response - cURL
The bearer token is the value of the access_token key.
You will pass this token in the authorization header for all API requests: Authorization: Bearer <token> .
{"access_token":"81b15ad9-****-2245-****-f05p37053b25","expires_in":3600,"token_type":"Bearer"}
Sample request - Torq
You can generate the bearer token in Torq by using the Send an HTTP Request step. You need to add a body field for the grant type.
Field | Value |
---|---|
URL | https://auth.torq.io/v1/auth/token |
Method | POST |
Authorization | Basic |
Username | The client_id you received when you created the API key. |
Password | The client_secret you received when you created the API key. |
Content type | application/x-www-form-urlencoded |
Type |
|
Sample response - Torq
{
"api_object": {
"access_token": "8266095f-****-****-****-203a47f40c06",
"expires_in": 3600,
"token_type": "Bearer"
},
"headers": {
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Origin": "https://app.torq.io",
"Cache-Control": "no-store",
"Content-Length": "96",
"Content-Type": "application/json;charset=UTF-8",
"Date": "Mon, 21 Mar 2022 15:00:02 GMT",
"Pragma": "no-cache",
"Strict-Transport-Security": "max-age=15724800; includeSubDomains"
},
"status_code": 200,
"step_status": {
"code": 1,
"message": "",
"verbose": ""
}
}