All Cloud Platform API v2 calls require authentication to work. The information on this page is applicable only for Cloud Platform API version 2.
HMAC authentication is deprecated and will be removed from Cloud Platform API version 2 on July 1, 2020.
For correct implementation of OAuth2 for API requests, your configuration and permissions must be correctly configured in your control panel. If refresh tokens are required, follow the correct procedure and obtain them. For more information, visit Cloud Platform API documentation.
To generate an API token for authenticating with the Cloud Platform API v2:
Click your user avatar in the upper right corner, and then click Account Settings.
Provide a human-readable label for your API token, and click Create Token.
Cloud Platform will generate an API Key and API secret for you.
You can remove a token at any time by clicking Remove next to the token you want to remove.
Each Cloud Platform API call authenticates requests with OAuth 2.0 client credentials, and requires the information provided when generating an API token.
Cloud Platformhttps://accounts.acquia.com/api/auth/oauth/tokenThe Client ID and Secret are exchanged for a bearer access token, which authenticates calls to the Cloud Platform API.
composer require league/oauth2-client, and download an example authentication script.Generating tokens with a curl request
If you generate an API token with a curl request, instead of the Cloud Platform user interface, Acquia recommends passing the data with a --data-urlencode parameter instead of a --data parameter to prevent incorrect encoding of non-alphanumeric characters, similar to the following example:
curl https://accounts.acquia.com/api/auth/oauth/token --data-urlencode "client_id=API_KEY" --data-urlencode "client_secret=API_SECRET" --data-urlencode "grant_type=client_credentials"
If your organization uses Federated Authentication, you must use OAuth 2.0 and request the organization:uuid scope while generating the API token. The uuid is the UUID of the organization’s resources for which you want access. If you do not do this, the system displays one of the following error messages when making an API request:
additional_authentication_requiredThis resource requires additional authentication.Here is an example curl request that includes the organization scope:
curl \
--data-urlencode 'client_id=API TOKEN KEY HERE' \
--data-urlencode 'client_secret=API TOKEN SECRET HERE' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=organization:23NNe327-NAAA-11e3-NNNN-1231NNNNa02c' \
-X POST \
'https://accounts.acquia.com/api/auth/oauth/token'If this content did not answer your questions, try searching or contacting our support team for further assistance.
All Cloud Platform API v2 calls require authentication to work. The information on this page is applicable only for Cloud Platform API version 2.
HMAC authentication is deprecated and will be removed from Cloud Platform API version 2 on July 1, 2020.
For correct implementation of OAuth2 for API requests, your configuration and permissions must be correctly configured in your control panel. If refresh tokens are required, follow the correct procedure and obtain them. For more information, visit Cloud Platform API documentation.
To generate an API token for authenticating with the Cloud Platform API v2:
Click your user avatar in the upper right corner, and then click Account Settings.
Provide a human-readable label for your API token, and click Create Token.
Cloud Platform will generate an API Key and API secret for you.
You can remove a token at any time by clicking Remove next to the token you want to remove.
Each Cloud Platform API call authenticates requests with OAuth 2.0 client credentials, and requires the information provided when generating an API token.
https://accounts.acquia.com/api/auth/oauth/tokenThe Client ID and Secret are exchanged for a bearer access token, which authenticates calls to the Cloud Platform API.
composer require league/oauth2-client, and download an example authentication script.Generating tokens with a curl request
If you generate an API token with a curl request, instead of the Cloud Platform user interface, Acquia recommends passing the data with a --data-urlencode parameter instead of a --data parameter to prevent incorrect encoding of non-alphanumeric characters, similar to the following example:
curl https://accounts.acquia.com/api/auth/oauth/token --data-urlencode "client_id=API_KEY" --data-urlencode "client_secret=API_SECRET" --data-urlencode "grant_type=client_credentials"
If your organization uses Federated Authentication, you must use OAuth 2.0 and request the organization:uuid scope while generating the API token. The uuid is the UUID of the organization’s resources for which you want access. If you do not do this, the system displays one of the following error messages when making an API request:
additional_authentication_requiredThis resource requires additional authentication.Here is an example curl request that includes the organization scope:
curl \
--data-urlencode 'client_id=API TOKEN KEY HERE' \
--data-urlencode 'client_secret=API TOKEN SECRET HERE' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=organization:23NNe327-NAAA-11e3-NNNN-1231NNNNa02c' \
-X POST \
'https://accounts.acquia.com/api/auth/oauth/token'If this content did not answer your questions, try searching or contacting our support team for further assistance.