The Cortex Data Lake API implements OAuth 2.0 for delegating access to the Query Service.
The libraries and SDKs published by DevRel come equipped with OAuth 2.0 support to ease the process of:
- Generating the authorization URL
- Exchanging and authorization code for tokens (authorization code grant)
- Refreshing tokens
- Revoking tokens
- Token caching
- Using a custom credentials store or provider
Today, there are two types of credentials supported:
- OAuth 2.0 credentials (
- Developer Tokens (obtained from API Explorer)
The primary difference between the two is that the first requires a user-agent (web app) capable of performing the OAuth 2.0 authorization code grant flow, whereas the second empowers developers to quickly get started, by leveraging API Explorer’s built-in token redemption service.
If you are looking to build your own multi-tenant web application, work with the Developer Relations team to register your app manifest in order to receive the credentials needed to perform the authorization flow:
A successful authorization will return a
refresh_token that can be combined with the
client_secret to refresh your
access_token whenever necessary. The CDL libraries and SDKs are capable of abstracting the refresh process, such that auto-refresh is performed, as needed, prior to each API request.
Developer Tokens is a new concept that enables developers to quickly get started by offloading the OAuth 2.0 authorization code grant flow to API Explorer, in exchange for a
Developer Token. You can think of Developer Tokens as "temporary access tokens."