Retrieving an access token
You must get an IBM Cloud® Identity and Access Management (IAM) access token to authenticate your requests to the IBM® Cloud Logs Routing service.
Retrieving an access token with the CLI
You can use the IBM Cloud CLI to quickly generate your personal Cloud IAM access tokenA value used by the consumer to gain access to the protected resources on behalf of the user, instead of using the user's service provider credentials..
-
Log in to IBM Cloud with the IBM Cloud CLI.
ibmcloud login
If the login fails, run the
ibmcloud login --sso
command to try again. The--sso
parameter is required when you log in with a federated ID. If this option is used, go to the link listed in the CLI output to generate a one-time pass code. -
Run the following command to retrieve your IBM Cloud IAM access token and export it as an environment variable by running the following command:
export IAM_TOKEN=`ibmcloud iam oauth-tokens --output json | jq -r '.iam_token'`
Retrieving an access token with the API
You can also retrieve your access token programmatically by first creating a service ID API key for your application, and then exchanging your API key for an IBM Cloud IAM token.
-
Create a service ID API key.
-
Call the IAM Identity Services API to retrieve your access token.
$ curl -X POST \ "https://iam.cloud.ibm.com/identity/token" \ -H "content-type: application/x-www-form-urlencoded" \ -H "accept: application/json" \ -d 'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=<API_KEY>' > token.json
In the request, replace
<API_KEY>
with the API key that you created in the previous step. The following truncated example shows the contents of thetoken.json
file:{ "access_token": "b3VyIGZhdGhlc...", "expiration": 1512161390, "expires_in": 3600, "refresh_token": "dGhpcyBjb250a...", "token_type": "Bearer" }
Access tokens are valid for 1 hour, but you can regenerate them as needed.