OAuth

With service accounts, you are enabled to use the OAuth2 Client Credentials Flow for accessing Talend Cloud APIs. This service account specific token is more secure than the personal access tokens typically used by a user.
It is recommended to use service accounts along with their access tokens to issue API calls, when a specific user does not need to be involved in these calls.

Media type

application/json

Endpoints

https://api.eu.cloud.talend.com
URL for the AWS Europe region
https://api.ap.cloud.talend.com
URL for the AWS Asia Pacific region
https://api.us.cloud.talend.com
URL for the AWS United States East region
https://api.au.cloud.talend.com
URL for the AWS Australia region
https://api.us-west.cloud.talend.com
URL for the Azure United States West region

Global security

These security schemes apply to the entire API

Public

Security scheme

This scheme can be referenced across the API

Public

Basic authentication
Name	Description

Headers
Name	Description	Type	Attributes and examples
Authorization	Base64 encoding of a client_id:client_secret pair. For example, if the service account uses “Aladdin” as the client id and “open_sesame” as the secret, then the header’s value is the Base64 encoding of “Aladdin:open_sesame”, or “QWxhZGRpbjpvcGVuIHNlc2FtZQ==”.	string Required	Example Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Get JWT token

POST /security/oauth/token

Use the service account credentials to get an OAuth2 JWT access token through the Client Credentials Grant flow.
Required permission to use this endpoint: Service Account - Manage. The ID of this permission is TMC_SERVICE_ACCOUNT_MANAGEMENT.

Use cases

Generating a service account token

Request

Query parameters
Name	Description	Type	Attributes and examples
talendVersion	API version	string Optional

Headers
Name	Description	Type	Attributes and examples
talend-version	API version	string Optional

Body

TokenRequest

Response

200Status 200

Token is generated successfully

Body

TokenResponse

401Status 401

The ClientId or Secret is missing or invalid

403Status 403

The account provided does not have the required permissions

500Status 500

500 - Internal Server Error

A token request is an object used to obtain an access token through the OAuth 2 Client Credentials Grant flow.

Object

Name	Description	Type	Attributes and examples
grant_type	The OAuth 2 flow that must be used to obtain an access token. The value must be set to “client_credentials”.	string Required	Example client_credentials
audience	The unique identifier of the target API to access	string Required	Example https://api.eu.cloud.talend.com/

Access token is returned in this response.

Object

Name	Description	Type	Attributes and examples
access_token	The access token obtained in JWT format.	string Required	Example eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
token_type	The type of the token issued as described in the OAuth 2 specification. The value is usually “Bearer”.	string Required	Example Bearer
expires_in	The lifetime in seconds of the access token. For example, the value 3600 denotes that the access token expires at the end of one hour from the time the response is generated.	string Optional	Example 3600

↑