
For Tenant Management API (organization-level)

Tenant management is authenticated using your organization-level application. Tokens obtained with these credentials are scoped for tenant management operations only.

How to get token

  1. Generate an RSA key pair and securely store the private key
  2. Provide the public key to Resistant AI so it can be registered for your OAuth2 client.
  3. Once completed, we return the corresponding client_id.
  4. Create a JWT assertion token signed with your RSA private key
    1. This assertion token will be used to authenticate against our Okta authorization server.
    2. The assertion token needs to contain:
      1. audience -> server toward which you’re authenticating
      2. issuer -> your client_id provided by us
      3. subject -> your client_id provided by us
      4. issuedAt
      5. expiration -> cannot be longer than 60 minutes
    3. Helpful resource: https://developer.okta.com/docs/guides/build-self-signed-jwt/js/main/
  5. Send your JWT assertion token to our Okta authorization server (example below)
    1. This endpoint returns your access_token, which you can use to communicate with our Tenants API
Post to get token
POST /oauth2/aus17c172cLOCWEyk417/v1/token HTTP/1.1
Host: eu.id.resistant.ai
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
  code=i1WsRn1uB1&
  client_id=0oajncakofQmjxlSw0h3&
  client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&
  client_assertion=PHNhbWxwOl ... ZT
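
Steps 1 and 4 as an added Node.js example (not Resistant AI's code): it builds the RS256 assertion with the claims listed above, enforces the 60-minute limit, and checks the result locally against the public key before it is sent. The function names, the throwaway demo key pair, and the use of the token endpoint URL as the audience are assumptions of this example; in real use the private key is loaded from your secure storage.

```javascript
const crypto = require('node:crypto');

const MAX_LIFETIME_S = 60 * 60; // page: expiration cannot be longer than 60 minutes
const b64url = (text) => Buffer.from(text).toString('base64url');

// Build the RS256-signed assertion; `now` (ms) is injectable so results are reproducible.
function buildClientAssertion({ clientId, audience, privateKey, lifetimeS = 300, now = Date.now() }) {
  if (!(lifetimeS > 0 && lifetimeS <= MAX_LIFETIME_S)) {
    throw new RangeError(`lifetime must be 1..${MAX_LIFETIME_S} seconds`);
  }
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { aud: audience, iss: clientId, sub: clientId, iat, exp: iat + lifetimeS };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Local pre-flight check with the public key: catches a wrong key, audience or
// lifetime before the assertion is sent anywhere.
function checkClientAssertion(jwt, { publicKey, clientId, audience, now = Date.now() }) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'signature' };
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== clientId || claims.sub !== clientId) return { ok: false, reason: 'iss/sub' };
  if (claims.aud !== audience) return { ok: false, reason: 'aud' };
  if (claims.exp - claims.iat > MAX_LIFETIME_S) return { ok: false, reason: 'lifetime' };
  if (claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed demo input: a throwaway key pair plus the page's sample client_id.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO = {
  clientId: '0oajncakofQmjxlSw0h3',
  // Assumption: the audience is the token endpoint URL shown on the page.
  audience: 'https://eu.id.resistant.ai/oauth2/aus17c172cLOCWEyk417/v1/token',
};

const demoJwt = buildClientAssertion({ ...DEMO, privateKey: demoKeys.privateKey });
console.log(checkClientAssertion(demoJwt, { ...DEMO, publicKey: demoKeys.publicKey }));
```

The returned string is the value for the client_assertion parameter in the request above.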