Generating a service account token

Call the /security/oauth/token endpoint to generate a token for a service account.

Before you begin

About this task

In this section, the following API call is issued:

method: POST
endpoint: https://api.<env>
headers: {
 "Content-Type": "application/json",
 "Authorization": "Basic <encoded_Base64_value_of_id-secret_pair>"
payload: {

It is implemented in Talend API Tester for demonstration purposes.


  1. To generate a token, select POST from the Method list and in the field aside, enter the token endpoint to be used: https://api.<env>

  2. Click Add header twice to add two rows and enter the following key:value pairs:

    • Content-Type : application/json
    • Authorization : Basic <encoded_Base64_value_of_id-secret_pair>
  3. In the Body area, enter the content of this call.

  4. Click Send to issue your call.

    • The code 200 is returned with a token. This is the only time you see this token. Keep this token in a secret place. The service account needs this token to successfully issue API calls.
    • When using this token in the Authorization header to issue an API call, always add Bearer preceding a whitespace and then the actual token value. For example, Bearer your_service_account_token. This example, Using a service account to get users, shows how a service account token is used in an API request.
    • This token expires after 30 minutes. Cache or store this token and reuse it until it expires. Then use this base64 ID:secret combination again to obtain a new token.
  5. Save this API request and name it, for example, as Renew the SAT, so that you can reuse it to refresh the token.


Your service account is now ready to be used to call Talend services.

What to do next

You need to monitor when your token expires, in either a reactive or a proactive manner.