Information for: DEVELOPERS   PARTNERS

Cloud Platform API v2 authentication

All Cloud Platform API v2 calls require authentication to work. The information on this page is applicable only for Cloud Platform API version 2.

Note

For information about authenticating with Cloud Platform API version 1 (v1), see Cloud Platform API v1 authentication.

Important

HMAC authentication is deprecated and will be removed from Cloud Platform API version 2 on July 1, 2020.

Generating an API token

To generate an API token for authenticating with the Cloud Platform API v2, complete the following steps:

  1. Sign in to Cloud Platform using your email address and Acquia password.

  2. Click your user avatar in the upper right corner, and then click Account Settings.

    Edit your profile

  3. On the Profile page, click API Tokens.

  4. Provide a human-readable label for your API token, and click Create Token.

    Cloud Platform will generate an API Key and API secret for you.

  5. Record a copy of your API Key and API secret, as you can’t retrieve them after closing your browser tab.

Note

The access token will expire 300 seconds (or 5 minutes) after you generate it and must be regenerated before then.

You can remove a token at any time by clicking Remove next to the token you want to remove.

Authenticating in Cloud Platform API RESTful interface calls

Each Cloud Platform API call authenticates requests with OAuth 2.0 client credentials, and requires the information provided when generating an API token.

The Client ID and Secret are exchanged for a bearer access token, which authenticates calls to the Cloud Platform API.

Note

Run composer require league/oauth2-client, and then download an example authentication script.

Generating tokens with a curl request

If you generate an API token with a curl request, instead of the Cloud Platform user interface, Acquia recommends passing the data with a --data-urlencode parameter instead of a --data parameter to prevent incorrect encoding of non-alphanumeric characters, similar to the following example:

curl https://accounts.acquia.com/api/auth/oauth/token --data-urlencode "client_id=API_KEY" --data-urlencode "client_secret=API_SECRET" --data-urlencode "grant_type=client_credentials"

Making API Calls through Single Sign-On

If your organization uses Single Sign-On (SSO), you must use OAuth 2.0 and request the organization:uuid scope while generating the API token. The uuid is the UUID of the organization’s resources for which you want access.

Here is the example curl request:

curl \
--data-urlencode 'client_id=API TOKEN KEY HERE' \
--data-urlencode 'client_secret=API TOKEN SECRET HERE' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=organization:23NNe327-NAAA-11e3-NNNN-1231NNNNa02c' \
-X POST \
'https://accounts.acquia.com/api/auth/oauth/token'