Get started with OAuth machine-to-machine
Overview
Machine-to-Machine (M2M)-enabled OAuth clients are a powerful and secure way to manage and automate operations on your Qlik Cloud tenant. They require no user interaction and have the Tenant Admin role, which gives you complete control over your tenant.
M2M OAuth clients use Client Credentials Flow
to authenticate with the Qlik Cloud
authorization server. OAuth clients pass the Client ID
and Client Secret
fields in the
request body to the /oauth/token
endpoint. The authorization server validates the
credentials and responds back with an Access Token
, which the application can use
in making API requests.
In this tutorial, you will learn how to use M2M-enabled OAuth clients with:
Prerequisites
- An OAuth client with the M2M flow enabled.
- Qlik-CLI installed on your machine.
- Qlik Python SDK.
- Qlik Typescript API.
Using OAuth clients with Qlik-CLI
Qlik-CLI allows you to authenticate to your tenant using an OAuth M2M client.
You can initialize a new context using the following command:
qlik context init <context name>
Then, enter your tenant URL.
Acquiring access to Qlik Cloud
Specify your tenant URL, usually in the form: https://<tenant>.<region>.qlikcloud.com
Where <tenant> is the name of the tenant and <region> is eu, us, ap, and so forth.
Enter tenant url:
Then, you need to choose OAuth for the authentication type.
Specify what type of authentication should be used i.e API-Key (A) or OAuth (O). Default is API-Key (A).
A/O?: O
Then, provide the OAuth Client ID and Client Secret.
To complete this setup, you must have a Client ID and Client Secret for OAuth. If you’re unsure, you can ask your tenant administrator or go to Get started with Qlik-CLI.
Client ID: <my-client-id>
Client Secret: <my-client-secret>
The context is now ready to use. Start by executing Qlik-CLI commands.
qlik user me
Qlik API
Install @qlik/api
using:
npm i @qlik/api
Next, create a JavaScript (.js
) file and paste the following code in it.
Remember to modify it to include your host
, clientId
, and clientSecret
that you obtained previously.
import { auth, spaces } from "@qlik/api";
const hostConfig = {
host: "your-tenant.region.qlikcloud.com",
authType: "oauth2",
clientId: "<client-id>",
clientSecret: "<client-secret>",
};
auth.setDefaultHostConfig(hostConfig);
async function main() {
const { data: mySpaces } = await spaces.getSpaces({});
console.log(mySpaces.data); // the data response (list of spaces)
}
await main();
Run the JavaScript file you previously created. The response will have a JSON object containing the user’s information.
Python
Install the SDK using:
python3 -m pip install --upgrade qlik-sdk
Next, create a Python (.py
) file and paste the following code in it.
Remember to modify it to include your host
, clientId
, and clientSecret
that you obtained previously.
from qlik_sdk import Auth, AuthType, Config
# define your OAuth client
client = Auth(
config=Config(
auth_type=AuthType.OAuth2,
host=<YOUR_TENANT_HOST>,
client_id=<YOUR_OAUTH_M2M_CLIENT_ID>,
client_secret=<YOUR_OAUTH_M2M_CLIENT_SECRET>,
)
)
# authorize the client
client.authorize()
# test the client by making a REST call.
# in this example we are using the '/users/me'
# endpoint. It will return a JSON object
# containing the user's information.
response = client.rest(path="/users/me")
Run the Python file you previously created. The response will have the user’s information.
Making REST Calls
Note: This section doesn’t require the Qlik SDK.
You can make REST calls with the M2M OAuth client. First, you need to obtain an access token.
curl -X POST 'https://<tenant>.<region>.qlikcloud.com/oauth/token' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data-raw '{
"client_id": "<OAUTH_M2M_CLIENT_ID>",
"client_secret": "<OAUTH_M2M_CLIENT_SECRET>",
"grant_type": "client_credentials"
}'
You will get a response similar to the one below,
which contains an access_token
that you can use
to make REST calls.
{
"access_token": "eyJhbGciOiJFUzM4NCIsInR...",
"token_type": "bearer",
"expires_at": "2022-11-11T01:08:54.000Z",
"expires_in": 21600
}
Next, you can use the token you created to make REST calls.
In this example, you’re calling the /api/v1/tenants/me
endpoint, which will
return a JSON object containing the tenant’s information.
curl --location --request GET 'https://<tenant>.<region>.qlikcloud.com/api/v1/tenants/me' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'