Skip to content

Get started with OAuth machine-to-machine

Overview

Machine-to-Machine (M2M)-enabled OAuth clients are a powerful and secure way to manage and automate operations on your Qlik Cloud tenant. They require no user interaction and have the Tenant Admin role, which gives you complete control over your tenant.

M2M OAuth clients use Client Credentials Flow to authenticate with the Qlik Cloud authorization server. OAuth clients pass the Client ID and Client Secret fields in the request body to the /oauth/token endpoint. The authorization server validates the credentials and responds back with an Access Token, which the application can use in making API requests.

In this tutorial, you will learn how to use M2M-enabled OAuth clients with:

Prerequisites

Using OAuth clients with Qlik-CLI

Qlik-CLI allows you to authenticate to your tenant using an OAuth M2M client.

You can initialize a new context using the following command:

qlik context init <context name>

Then, enter your tenant URL.

Acquiring access to Qlik Cloud

Specify your tenant URL, usually in the form: https://<tenant>.<region>.qlikcloud.com
Where <tenant> is the name of the tenant and <region> is eu, us, ap, and so forth.
Enter tenant url:

Then, you need to choose OAuth for the authentication type.

Specify what type of authentication should be used i.e API-Key (A) or OAuth (O). Default is API-Key (A).
A/O?: O

Then, provide the OAuth Client ID and Client Secret.

To complete this setup, you must have a Client ID and Client Secret for OAuth. If you’re unsure, you can ask your tenant administrator or go to Get started with Qlik-CLI.

Client ID: <my-client-id>

Client Secret: <my-client-secret>

The context is now ready to use. Start by executing Qlik-CLI commands.

qlik user me

Qlik API

Install @qlik/api using:

npm i @qlik/api

Next, create a JavaScript (.js) file and paste the following code in it. Remember to modify it to include your host, clientId, and clientSecret that you obtained previously.

import { auth, spaces } from "@qlik/api";

const hostConfig = {
  host: "your-tenant.region.qlikcloud.com",
  authType: "oauth2",
  clientId: "<client-id>",
  clientSecret: "<client-secret>",
};

auth.setDefaultHostConfig(hostConfig);

async function main() {
  const { data: mySpaces } = await spaces.getSpaces({});
  console.log(mySpaces.data); // the data response (list of spaces)
}

await main();

Run the JavaScript file you previously created. The response will have a JSON object containing the user’s information.

Using Fetch API

You can make calls with Fetch using an M2M OAuth client. First, you need to obtain an access token.

async function getAccessToken() {
  const options = {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "Accept": "application/json",
    }
    clientId: "<OAUTH_M2M_CLIENT_ID>",
    clientSecret: "<OAUTH_M2M_CLIENT_SECRET>",
    grant_type: "client_credentials",
    scope: "user_default",  // Optional: space delimited list of scopes to grant the access token. Leave blank to inherit from OAuth client.
  }

  const response = await fetch("https://<tenant>.<region>.qlikcloud.com/oauth/token", options);
  if(response?.ok){
    const tokenInfo = await response.json();
    return tokenInfo.access_token;
  }

  console.log("Handle the error");
  return null;
}

The getAccessToken function will return an access token. You can now use the access token to call a REST endpoint. In this example, you’re calling the /api/v1/tenants/me endpoint, which will return a JSON object containing the tenant’s information.

const accessToken = await getAccessToken();

const options = {
  method: "GET",
  headers: {
    "Content-Type": "application/javascript",
    "Authorization": `Bearer ${accessToken}`
  }
}

const response = await fetch("https://<tenant>.<region>.qlikcloud.com/api/v1/tenants/me", options);
if(response?.ok) {
  const data = await response.json();
  return data;
}

console.log("Handle the error");
return null;

Python

Install the SDK using:

python3 -m pip install --upgrade qlik-sdk

Next, create a Python (.py) file and paste the following code in it. Remember to modify it to include your host, clientId, and clientSecret that you obtained previously.

from qlik_sdk import Auth, AuthType, Config

# define your OAuth client
client = Auth(
    config=Config(
        auth_type=AuthType.OAuth2,
        host=<YOUR_TENANT_HOST>,
        client_id=<YOUR_OAUTH_M2M_CLIENT_ID>,
        client_secret=<YOUR_OAUTH_M2M_CLIENT_SECRET>,
    )
)

# authorize the client
client.authorize()

# test the client by making a REST call.
# in this example we are using the '/users/me'
# endpoint. It will return a JSON object
# containing the user's information.
response = client.rest(path="/users/me")

Run the Python file you previously created. The response will have the user’s information.

Making REST Calls

Note: This section uses curl via command line to make calls.

You can make REST calls with the M2M OAuth client. First, you need to obtain an access token.

curl -X POST 'https://<tenant>.<region>.qlikcloud.com/oauth/token' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data-raw '{
    "client_id": "<OAUTH_M2M_CLIENT_ID>",
    "client_secret": "<OAUTH_M2M_CLIENT_SECRET>",
    "grant_type": "client_credentials"
}'

You will get a response similar to the one below, which contains an access_token that you can use to make REST calls.

{
    "access_token": "eyJhbGciOiJFUzM4NCIsInR...",
    "token_type": "bearer",
    "expires_at": "2022-11-11T01:08:54.000Z",
    "expires_in": 21600
}

Next, you can use the token you created to make REST calls. In this example, you’re calling the /api/v1/tenants/me endpoint, which will return a JSON object containing the tenant’s information.

curl --location --request GET 'https://<tenant>.<region>.qlikcloud.com/api/v1/tenants/me' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
Was this page helpful?