Retrieving IAM access tokens
To use the IBM Cloud Metrics Routing API, you must use an IBM Cloud® Identity and Access Management (IAM) access token. Each token is valid only for one hour, and after a token expires, you must request a new one if you want to continue using the API.
Retrieving an access token for the current session by using the IBM Cloud CLI
You can use the IBM Cloud CLI to generate your IAM access token.
Complete the following steps to generate an access token for the current session:
-
Log in to IBM Cloud with the IBM Cloud CLI.
ibmcloud login
If the login fails, run the
ibmcloud login --sso
command to try again. The--sso
parameter is required when you log in with a federated ID. If this option is used, go to the link listed in the CLI output to generate a one-time passcode. -
Run the following command to retrieve your Cloud IAM access token.
ibmcloud iam oauth-tokens | grep IAM | cut -d \: -f 2 | sed 's/^ *//'
The following truncated example shows a retrieved IAM token.
IAM token: Bearer eyJraWQiOiIyM...
Retrieving an access token by using an API key and the IBM Cloud CLI
You can also retrieve your access token programmatically by creating a service ID API key for your application, and then exchanging your API key for an IBM Cloud IAM token.
-
Log in to IBM Cloud with the IBM Cloud CLI.
ibmcloud login -a cloud.ibm.com [--apikey KEY | @KEY_FILE]
Where
KEY | @KEY_FILE
is the API key that you want to use to get the access token. -
Run the following command to get an IAM access token.
ibmcloud iam oauth-tokens | grep IAM | cut -d \: -f 2 | sed 's/^ *//'
The following truncated example shows a retrieved IAM token.
IAM token: Bearer eyJraWQiOiIyM...
Retrieving an access token by using an API key in a cURL request
Run the following cURL command to call the IAM Identity Services API to retrieve your access token:
curl -X POST \
'https://iam.cloud.ibm.com/identity/token' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'accept: application/json' \
-d 'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=<API_KEY>' > token.json
Replace <API_KEY>
with your API key.
The following truncated example shows the contents of the token.json
file:
{
"access_token": "b3VyIGZhdGhlc...",
"expiration": 1512161390,
"expires_in": 3600,
"refresh_token": "dGhpcyBjb250a...",
"token_type": "Bearer"
}
Use the full access_token
value, prefixed by the Bearer token type.