Generate API client credentials

Client credentials (a unique client ID and secret) are crucial to the secure authentication and authorization of API requests. The client ID identifies the application making the request, and the client secret verifies that the application is authorized to use Sigma's API.

This document explains how to generate the API client credentials in Sigma.

User requirements

To generate API client credentials, you must be assigned the Admin account type.

Understanding API authentication

Sigma authenticates API requests using client credentials generated and managed in your Sigma Administration portal. After you create these credentials, a developer can then use them to generate a one-hour access token to Sigma’s API. If a request doesn't include applicable credentials, Sigma returns an error.

Account-specific credentials

API client credentials are associated with a specific organization member, meaning Sigma’s API only returns data that is accessible to the authenticated user and permitted for their account type.

For security purposes, do not share API keys with individuals whose permissions should be less than that of the keys’ associated user account.

Credential security

For security purposes, Sigma provides a one-time view of the client secret at the time creation and does not display it again. Because the secret is non-retrievable (and anyone with access to existing client credentials can access Sigma’s API and your data), it's important that you store the secret securely when you create it.

If you lose the client secret, or it becomes compromised, you can revoke it and generate new credentials; however, this invalidates the previous secret. When you generate a new one, you must update all applications and configurations that used the revoked credentials.

Generate API client credentials

  1. Go to Administration > Developer Access:

    1. In the Sigma header, click your user avatar to open the user menu.

    2. Select Administration to open the Administration portal.

    3. In the side panel, select Developer Access.

  2. Click Create New to set up new credentials.

  3. In the Create client credentials modal, complete the form fields:

    1. In the Access credential type section, select the REST API option.

    2. In the Name field, enter a unique name to identify the credentials.

    3. (optional) In the Description field, enter a description about the purpose of the credentials.

    4. In the Owner field, select an organization member. The API secret uses the account type permissions associated with this user.

    5. Click Create to generate the credentials.

  4. In the REST API Access Credentials modal, copy the client secret and securely store it for future reference (you cannot retrieve it in Sigma later).

    You can also copy and securely store the client ID from the modal, but this information can be retrieved from the Developer Access page at any time.