Skip to content

HTTP API Authentication

Audience: All Immuta Users

Content Summary: Calls to the Immuta API require authentication. This page includes the API key authentication endpoint, request and response parameters, and example requests and responses for API authentication.

Workflow

There are two methods for making an authenticated request to the Immuta API.

  • API Key Method:
    • Generate an API key.
    • Pass your API key in the Authorization header when making a request.
  • Bearer Token Method:
    • Generate an API key.
    • Make a request to the authentication endpoint to receive a bearer token.
    • Include the bearer token in the Authorization header when making a request. This token should be used for multiple requests until it expires. Once a token expires, users must authenticate again to get a new token. When a request uses an expired token, the request will return with a 401 status code.

API Key Method

  1. Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure.
  2. You will pass this API key in the authorization header when you make a request, as illustrated in the example below:

    curl \
        --request GET \
        --header "Content-Type: application/json" \
        --header "Authorization: 846e9e43c86a4ct1be14290d95127d13f" \
        https://your-immuta-url.immuta.com/audit
    

Bearer Token Method

  1. Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure.
  2. Save your API key in a .json file.

    {
      "apikey": "846e9e43c86a4ct1be14290d95127d13f"
    }
    
    1. Make the following request to the authentication endpoint:

    curl \
        --request POST \
        --header "Content-Type: application/json" \
        --data @example_payload.json \
        https://your-immuta-url.immuta.com/bim/apikey/authenticate
    
    1. You you will receive a response that includes your bearer token. Pass that bearer token in the Authorization header when you make a request, as illustrated in the example below:
    curl \
        --request GET \
        --header "Content-Type: application/json" \
        --header "Authorization: Bearer dea464c07bd07300095caa8" \
        https://demo.immuta.com/audit