To securely authenticate to the Sigma REST API, you must first generate client credentials. The client ID identifies the application or user making the request, and the client secret verifies that the application or user is authorized to use the Sigma REST API.
A developer can use the client credentials to generate a bearer token to authorize access to Sigma's API. If a request doesn't include a valid token, the API response returns an error.
API client credential security
API client credentials are associated with a specific organization member. When API requests are performed using a token generated with those credentials, the API response only returns data accessible to the authenticated user and permitted for their account type.
For security purposes, do not share API credentials for a user account with individuals that have fewer access permissions than those associated with the API credentials. For example, if you create API credentials with a user that has the Admin account type, do not share those credentials with users that have an account type with fewer permissions.
You can revoke credentials at any time. If you revoke credentials, update all applications and configurations that used the revoked credentials with new credentials.
User requirements
To generate API client credentials, you must be assigned the Admin account type.
Generate API client credentials
After you create the client credentials, you cannot view the client secret again in Sigma.
To generate API client credentials, do the following:
- From Sigma Home, open Administration, or click your user avatar to open the user menu and select Administration.
- In the side panel, select Developer Access.
- Click Create New to set up new credentials.
  The Create client credentials dialog opens.
- For Select privileges, select the checkbox for REST API to allow these credentials to be used for the API.
- For Name, enter a unique name to identify the credentials. For example, "Web app service account credentials".
- [optional] For Description, enter a description of the purpose of the credentials. For example, "Inventory data entry web application API requests."
- For Owner, search for and select a member of your organization with whom to associate the credentials. The API secret uses the account type permissions assigned to this user.
- Click Create to generate the credentials.
- Copy the client ID and secret and securely store them for future reference.
  You cannot access the client secret after closing the dialog.
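
One way to handle the final step and the later bearer-token request in code, as an added example (not Sigma's own code): it writes the client ID and secret to an owner-only file, refuses to load them if the file is readable by group or others, and builds an OAuth 2.0 client-credentials request without sending it. The token URL is a placeholder and the form field names are assumptions; take both from Sigma's API reference. All credential values are constructed.

```python
import os
import stat
import tempfile
import urllib.parse
import urllib.request

# Assumption: placeholder endpoint, not a real Sigma URL.
TOKEN_URL = "https://api.example.invalid/v2/auth/token"


def save_credentials(path, client_id, client_secret):
    """Write the credentials to a file only the owner can read (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{client_id}\n{client_secret}\n")
    os.chmod(path, 0o600)  # enforce the mode even if the file already existed


def load_credentials(path):
    """Return (client_id, client_secret); reject files open to group/other."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")
    with open(path) as fh:
        client_id, client_secret = fh.read().splitlines()
    return client_id, client_secret


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build (not send) a client-credentials token request (assumed fields)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed values standing in for what the dialog shows once.
    path = os.path.join(tempfile.mkdtemp(), "sigma_api.cred")
    save_credentials(path, "constructed-client-id", "constructed-secret")
    req = build_token_request(*load_credentials(path))
    print(req.get_method(), req.full_url)  # the secret is never printed
```

When credentials are revoked, overwriting this one file with the new pair updates every job that loads from it.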