Access Token (POST)
  • 30 Jan 2024
  • 1 Minute to read
  • Contributors

    Access Token (POST)

      Article summary

      To perform actions using the Harmony SASE API, a temporary authorization token must be generated using the workspace API Key.

      How To Generate an Access Token

      First, sign in to your Harmony SASE Admin Console with either the Admin or Manager role.

      1. Navigate to Settings -> API Support
      2. At the top right corner, click +Generate New Key
      3. Enter the following details:
        • Key Name - Write a logical name to help you identify the Key later.
        • Expiration Date - Select a date for the Access Token to expire. Any API requests done after this date will be denied.
        • Key Permissions - Choose which Actions will be possible using this specific API Key.
      4. Once you have created your key, click the eye icon (👁) to reveal the Key.
      5. Once the key is revealed, copy it or use the clipboard icon ()
      6. This token can now be used to POST an authorization via the API.

      POST /v1/auth/authorize

      Authorization duration:
      • Once you've successfully authorized the API key, you may use any API Calls permitted under Key Permissions for 60 minutes.
      • After 60 minutes, you must go through authorization once more to continue interacting with the API. 

      Parameters: None

      Request Body:

      Property Data TypeDescription
      grantTypeStringAuthorize request type: 'api_key'.
      apiKeyStringAPI key from Generate New Token in the web client.

      Request Example:

      curl -X 'POST' -H 'Content-Type: application/json' \-d '{ "grantType": "api_key", "apiKey": "<API_KEY>"}' ''

      Please replace <API_KEY> with the key copied in step 5.


      Status Code

      Message/JSON Response Body



      See the Response Body table below.

      Success. Access token and expiration time returned.

      Response Body:

      PropertyData TypeDescription



      Returns an object with the access token and its expiration timestamp.



      Type of token. Value is ‘bearer.’



      Access token. Expires according to accessTokenExpire.



      Timestamp of the Access Token’s expiration.

      Response Example:

      Now you can use the APIs for external calls during the next 60 minutes.

      Was this article helpful?