Checkmarx One Authentication API
Notice
A comprehensive Checkmarx One API Reference Guide is now available here.
Description
This API generates a JWT (JSON Web Token) access token, which is used for authentication with all Checkmarx One APIs. The access token is valid for a 30-minute session.
There are two methods that can be used to generate an access token:
Refresh Token (API Key) - If you have a refresh token, you can submit that with this API in order to receive an access token. To learn how to generate a refresh token, see Generating a Refresh Token (API Key).
OAuth Client - If you have an OAuth Client for Checkmarx One, you can submit your Client ID and Secret with this API in order to receive an access token. To learn how to generate an OAuth Client, see Creating an OAuth Client.
Notice
The access token inherits whichever roles (permissions) are assigned to the OAuth Client.
In addition to returning an access token, this API also returns a new refresh token which can be used for future login requests.
Method
POST
Workflow
Use the Authentication API to generate an access token
Use the access token for authentication of all APIs
URL
US Environment - https://iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
US2 Environment - https://us.iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
EU Environment - https://eu.iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
Australia & New Zealand - https://anz.iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
India - https://ind.iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
Singapore - https://sng.iam.checkmarx.net/auth/realms/{tenant_account_name}/protocol/openid-connect/token
Curl Sample - Refresh Token
curl -X POST https://iam.checkmarx.net/auth/realms/{{TENANT_NAME}}/protocol/openid-connect/token \
  --data "grant_type=refresh_token" \
  --data "client_id=ast-app" \
  --data "refresh_token={{Your_API_KEY}}"
Curl Sample - OAuth Client
curl --location --request POST 'https://eu.iam.checkmarx.net/auth/realms/{{TENANT_NAME}}/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Accept: application/json' \
  --data-urlencode 'client_id={{your-iam-oauth-client}}' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_secret={{secret_key}}'
Media Type (header)
Accept: application/json
Parameters
Parameter | Required | Type | Possible Values |
---|---|---|---|
grant_type | Yes | formdata | |
client_id | Yes | formdata | |
refresh_token | Required for grant_type | formdata | The refresh token (i.e., API Key) that was generated for your account in the IAM. |
client_secret | Required for grant_type | formdata | Your OAuth Client Secret. |
Success Response
Code: 200 Authenticated
Attribute | Type | Description |
---|---|---|
access_token | string | The access token to be used for authentication with your Checkmarx One API calls. |
expires_in | integer | Time left until the token expires (given in seconds). Tokens are valid for 30 minutes. |
refresh_expires_in | integer | The time period for which the newly generated refresh token is valid (given in seconds). Tip: If the value returned is “0”, that indicates that it remains valid indefinitely. |
refresh_token | string | Returns a new refresh token which can be used to generate new access tokens. |
token_type | string | The type of authentication, e.g., bearer. |
not-before-policy | integer | The time delay until the access token is first activated (given in seconds). Tip: If the value returned is “0”, that indicates that the access token is valid immediately. |
session_state | string | A unique ID representing the session. |
scope | string | The permissions associated with this access token. |
Sample Success Response
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR...phQlk0nAGjOtvG8UT-8iaA",
  "expires_in": 1800,
  "refresh_expires_in": 0,
  "refresh_token": "eyJhbGciOiJIUzI1Ni...Pf43RbBz4M",
  "token_type": "bearer",
  "not-before-policy": 0,
  "session_state": "f4308084-84b5-41af-a326-7c38d9fc19fa",
  "scope": "iam-api profile email ast-api groups offline_access roles"
}
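The following is an added example, not Checkmarx code: a small Python client for the two grant types above that turns `expires_in` and `refresh_expires_in` into absolute expiry times and keeps the token values out of `repr()` output and logs. The names `build_form`, `Token`, `parse_response` and `fetch_token`, and the 60-second renewal margin, are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass, field
from typing import Optional

IAM_BASE = "https://iam.checkmarx.net"  # US environment; other regions are listed above


def build_form(api_key=None, client_id=None, client_secret=None):
    """Form fields for exactly one of the two grant types described above."""
    if api_key and not (client_id or client_secret):
        return {"grant_type": "refresh_token", "client_id": "ast-app",
                "refresh_token": api_key}
    if client_id and client_secret and not api_key:
        return {"grant_type": "client_credentials", "client_id": client_id,
                "client_secret": client_secret}
    raise ValueError("pass api_key, or client_id together with client_secret")


@dataclass(frozen=True)
class Token:
    access_token: str = field(repr=False)            # kept out of repr() and logs
    refresh_token: Optional[str] = field(repr=False)
    expires_at: float
    refresh_expires_at: Optional[float]               # None: remains valid indefinitely

    def usable(self, now, skew=60):  # assumed margin: renew with under 60 s left
        return now < self.expires_at - skew


def parse_response(body, now):
    """Turn the 200 response body into absolute expiry times."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    refresh_ttl = int(data.get("refresh_expires_in", 0))
    return Token(data["access_token"], data.get("refresh_token"),
                 now + int(data["expires_in"]), now + refresh_ttl if refresh_ttl else None)


def fetch_token(tenant, form, base=IAM_BASE):
    """POST the form over HTTPS; read the secrets from the environment, not argv."""
    url = f"{base}/auth/realms/{urllib.parse.quote(tenant, safe='')}/protocol/openid-connect/token"
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers={"Accept": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read(), time.time())
```

Because each response carries a new refresh token, a caller that persists credentials should store `Token.refresh_token` from the latest response for future login requests.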
Error Response