Creating API credentials

Abstract

Learn how to create CloudConnexa API credentials, generate OAuth 2.0 access tokens, and authenticate API requests using the client_credentials flow.

CloudConnexa API credentials allow you to authenticate and make requests to the CloudConnexa API. After creating credentials, you use them to request an OAuth 2.0 access token, which is required for all API calls.

Before you begin

Ensure you have:

Access to the CloudConnexa Administration portal.

Create credentials in the Administration portal

Sign in to your WPC's Administration portal by entering your Cloud ID in a web browser (for example, company_name.openvpn.com).
From the CloudConnexa Administration portal, navigate to API & Logs → API .
Click Create Credentials.
Enter a name for the credentials.
Select a lifetime (two weeks, one month, six months, or one year).
(Optional) Restrict access by specifying allowed IP subnet ranges.
Select the permissions (red and/or write access to resources).
Click Create.
Return to the API main menu, then click the toggle button labeled: Enable API to activate authentication credentials.
Caution
Remember to turn on API access. A valid API key will not work unless the API access is enabled.

Save your credentials

Important

Copy and securely store the following:

Client ID
Client Secret

You won't be able to view the client secret again after leaving the page.

Turn on API access

After creating credentials, turn on API access:

Return to the API page.
Turn on the Enable API toggle.
Caution
API credentials won't work unless API access is turned on.

Request an Access Token

Use your client ID and client secret to request an OAuth 2.0 access token using the client_credentials grant type.

Tip

You can also obtain an access token using the API endpoint. Refer to Request OAuth token.

Request Format

Use the following curl command to obtain an access token:

curl -X POST --location "https://{cloud_id}.api.openvpn.com/api/v1/oauth/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials" --http1.1

Replace:

{cloud_id} with your CloudConnexa Cloud ID.
{client_id} with the full Public API Client ID, including the prefix.
{client_secret} with the Public API Client Secret.

Example Response

If the request is successful, the API will respond with a JSON object containing your access_token:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOi...",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "read write"
}

Use the access token

Include the access token in the Authorization header for all API requests:

Authorization: Bearer <access_token>

Token behavior

The access_token is valid for the number of seconds specified in expires_in.
When the token expires, request a new one using the same credentials.
Tokens aren't refreshable; generate a new token as needed.

In this section: