Generate Sigma API client credentials

To securely authenticate to the Sigma REST API, you must first generate client credentials. The client ID identifies the application or user making the request, and the client secret verifies that the application or user is authorized to use the Sigma REST API.

A developer can use the client credentials to generate a bearer token to authorize access to the Sigma API. If a request doesn't include a valid token, the API response returns an error.

The Sigma REST API also supports the use of OAuth override tokens in API calls. For more information, see Use OAuth override tokens.

API client credential security

API client credentials are associated with a specific organization member. When API requests are performed using a token generated with those credentials, the API response only returns data accessible to the authenticated user and permitted for their account type.

For security purposes, do not share API credentials for a user account with individuals who have fewer access permissions than those associated with the API credentials. For example, if you create API credentials with a user that has the Admin account type, do not share those credentials with users that have an account type with fewer permissions.

You can revoke credentials at any time. If you revoke credentials, update all applications and configurations that used the revoked credentials with new credentials.

User requirements

To generate API client credentials, you must be assigned the Admin account type.

Generate API client credentials

🚩 After you create the client credentials, you cannot view the client secret again in Sigma.

To generate API client credentials, do the following:

  1. From Sigma Home, open Administration, or click your user avatar to open the user menu and select Administration.

  2. In the side panel, select Developer Access.

    [Screenshot: Developer Access page in Sigma, showing an empty list of existing client credentials and a button to Create New.]

    💡 Your API base URL is shown at the top of the page. Use that URL when sending requests to the Sigma API.

  3. Click Create new to set up new credentials.

    The Create client credentials modal opens.

  4. For Select scopes, select the checkbox for REST API to allow these credentials to be used for the API.

  5. For Name, enter a unique name to identify the credentials. For example, "Web app service account credentials".

  6. (Optional) For Description, enter a description of the purpose of the credentials. For example, "Inventory data entry web application API requests."

  7. For Owner, search for and select a member of your organization with whom to associate the credentials. The API secret uses the account type permissions assigned to this user.

  8. Click Create to generate the credentials.

    [Screenshot: Create client credentials dialog, with the REST API checkbox selected, a name of My API, a description of API client credentials, and an owner of Sigma Docs, who has the Admin account type assigned.]

  9. Copy the client ID and secret and securely store them for future reference.

    🚩 You cannot access the client secret after closing the dialog.

    [Screenshot: REST API Access Credentials dialog, with a revoked Client ID and Client secret visible.]

Use client credentials to generate an access token

After generating credentials, you can use the Sigma authentication endpoint /v2/auth/token to generate an access token. The access token is used in the request header of your API requests to authenticate to your Sigma organization.

  1. Identify the base URL for your Sigma environment. For more information, see Identify your API request URL.
  2. Obtain the client ID and secret you generated in Generate API client credentials.
  3. Make a POST request to the authentication endpoint like the following:

Authentication request format

curl --request POST \
     --url <base_url>/v2/auth/token \
     --header 'content-type: application/x-www-form-urlencoded' \
     --data grant_type=client_credentials \
     --data client_id=<client_id> \
     --data client_secret=<client_secret>

💡 This example shows how to make a POST request to the authentication endpoint from the terminal. You can also use tools like Postman to make the request, and to manage variables like your client_id, client_secret, and base_url. For step-by-step instructions on using Postman with the Sigma API, see Sigma API with Postman.

The response includes an access token that you can use to authenticate your requests to the API. The access token is valid for 1 hour. After 1 hour, you must refresh your existing token or generate a new one.

The response body includes the access token, a refresh token, the token type, and the number of seconds until the access token expires, in the following format:

Authentication response format
{
    "access_token":"<access_token>",
    "refresh_token":"<refresh_token>",
    "token_type":"bearer",
    "expires_in":3599
}
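
The token request and one-hour lifetime described above, as an added Python example (not Sigma's own code): it keeps the client secret out of the command line and out of logs, caches the access token, and requests a new one shortly before expires_in runs out. The class name, the environment variable names, the 60-second margin, and the standard `Authorization: Bearer` header are assumptions that do not come from this page.

```python
import json
import os
import time
import urllib.parse
import urllib.request


class SigmaTokenCache:
    """Holds one access token and requests a new one shortly before it expires."""

    def __init__(self, base_url, client_id, client_secret,
                 send=None, clock=time.monotonic, margin=60):
        self.url = base_url.rstrip("/") + "/v2/auth/token"
        if not self.url.startswith("https://"):
            raise ValueError("refusing to send the client secret over a non-HTTPS URL")
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}
        self._send = send or self._http_post  # injectable so the logic runs offline
        self._clock, self._margin = clock, margin
        self._token, self._expires_at = None, 0.0

    @staticmethod
    def _http_post(url, body, headers):
        req = urllib.request.Request(url, data=body, headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()

    def _fetch(self):
        body = urllib.parse.urlencode(self._form).encode()  # escapes '&', '=' in the secret
        raw = self._send(self.url, body, {"content-type": "application/x-www-form-urlencoded"})
        doc = json.loads(raw)
        if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
            raise ValueError("unexpected token response")  # body not echoed: may hold tokens
        self._token = doc["access_token"]
        self._expires_at = self._clock() + int(doc["expires_in"]) - self._margin

    def auth_header(self):
        # Fetch only when no token is cached or the cached one is about to expire.
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}  # assumed standard bearer header

    def __repr__(self):
        return f"SigmaTokenCache(url={self.url!r})"  # keeps the secret out of logs


def from_env():
    env = os.environ  # hypothetical variable names; populate them from your secret store
    return SigmaTokenCache(env["SIGMA_BASE_URL"], env["SIGMA_CLIENT_ID"], env["SIGMA_CLIENT_SECRET"])
```

Because each token carries the permissions of the credential's owner, keep one cache per set of credentials rather than sharing a token between applications.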