Get started with OAuth machine-to-machine

Overview

Machine-to-Machine (M2M) enabled OAuth clients are a powerful and secure way to manage and automate operations on your Qlik Cloud tenant. They require no user interaction and have the Tenant Admin role, which gives you complete control over your tenant.

M2M OAuth clients use Client Credentials Flow to authenticate with the Qlik Cloud authorization server. OAuth clients pass Client ID and Client Secret fields in the request body to the /oauth/token endpoint. The authorization server validates the credentials and responds back with an Access Token, which the application can use in making API requests.

In this tutorial, you will learn how to use M2M enabled OAuth clients with:

Prerequisites

Using OAuth clients with Qlik-CLI

Qlik-CLI allows you to authenticate to your tenant using an OAuth M2M client.

You can initialize a new context using the following command:

qlik context init <context name>

Then, enter your tenant URL.

Acquiring access to Qlik Cloud

Specify your tenant URL, usually in the form: https://<tenant>.<region>.qlikcloud.com
Where <tenant> is the name of the tenant and <region> is eu, us, ap, and so forth.
Enter tenant url:

Then, you need to choose OAuth for the authentication type.

Specify what type of authentication should be used i.e API-Key (A) or OAuth (O). Default is API-Key (A).
A/O?: O

Then, provide the OAuth Client ID and Client Secret.

To complete this setup, you must have a Client ID and Client Secret for OAuth.
If you're unsure, you can ask your tenant-admin or go to https://qlik.dev/libraries-and-tools/qlik-cli#get-started.

Client ID: <my-client-id>

Client Secret: <my-client-secret>

The context is now ready to use. Start by executing qlik-cli commands.

qlik user me

Using OAuth clients with Qlik Platform SDKs

Depending on the programming language you are using, you can choose between these languages:

Typescript

Install the SDK using:

npm i @qlik/sdk

Next, create a JavaScript (.js) file and paste the following code in it. Remember to modify it to include your host, clientId, and clientSecret you obtained previously.

const { Auth, AuthType } = require('@qlik/sdk');

// define your OAuth client
const auth = new Auth({
  authType: AuthType.OAuth2,
  host: <YOUR_TENANT_HOST>,
  clientId: <YOUR_OAUTH_M2M_CLIENT_ID>,
  clientSecret: <YOUR_OAUTH_M2M_CLIENT_SECRET>
});

(async () => {
  // authorize the client
  await auth.authorize();

  // test the client by making a REST call.
  // in this example we are using the '/users/me'
  // endpoint. It will return a JSON object
  // contaning the user's information.
  const response = await auth.rest('/users/me');
})();

Run the JavaScript file you previously created. The response will have a JSON object containing the user's information.

Python

Install the SDK using:

python3 -m pip install --upgrade qlik-sdk

Next, create a Python (.py) file and paste the following code in it. Remember to modify it to include your host, clientId, and clientSecret you obtained previously.

from qlik_sdk import Auth, AuthType, Config

# define your OAuth client
client = Auth(
    config=Config(
        auth_type=AuthType.OAuth2,
        host=<YOUR_TENANT_HOST>,
        client_id=<YOUR_OAUTH_M2M_CLIENT_ID>,
        client_secret=<YOUR_OAUTH_M2M_CLIENT_SECRET>,
    )
)

# authorize the client
client.authorize()

# test the client by making a REST call.
# in this example we are using the '/users/me'
# endpoint. It will return a JSON object
# containing the user's information.
response = client.rest(path="/users/me")

Run the Python file you previously created. The response will have the user's information.

Making REST Calls

Note: This section doesn't require the Qlik SDK.

You can make REST calls with the M2M OAuth client. First, you need to obtain an access token.

curl POST 'https://<tenant>.<region>.qlikcloud.com/oauth/token' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data-raw '{
    "client_id": <OAUTH_M2M_CLIENT_ID>,
    "client_secret": <OAUTH_M2M_CLIENT_SECRET>,
    "grant_type": "client_credentials"
}'

You will get a response, similar to the one below, which contains an access_token that you can use to make REST calls.

{
    "access_token": "eyJhbGciOiJFUzM4NCIsInR...",
    "token_type": "bearer",
    "expires_at": "2022-11-11T01:08:54.000Z",
    "expires_in": 21600
}

Next, you can use the token you created to make REST calls. In this example you are calling the /api/v1/tenants/me endpoint, which will return a JSON object containing the tenant's information.

curl --location --request GET 'https://<tenant>.<region>.qlikcloud.com/api/v1/tenants/me' \
--header 'Authorization: Bearer <ACCESS_TOKEN>'
Was this page helpful?