Risk Cloud API: Authentication

Updated on: January 17, 2022

How to use Risk Cloud's API to create or retrieve an API Access Token

The Risk Cloud API uses OAuth 2.0 for authentication which uses a bearer token in the Authorization http header. In order to start using the API, first retrieve your Client and Secret keys from the Profile page. This can be navigated to by clicking the Person icon in the top right corner and then the Profile button.

In the Profile page, go to the "Access Key" tab. If this tab is not there, please contact your Risk Cloud administrator as you may not have API privileges.

In the "Access Key" tab you will see both Client and Secret keys. These are both necessary to generate an access key or retrieve an existing access key.

*Note that this panel also has the ability to generate the Access Key on its own.
After having both Client and Secret keys they will need to be base64 encoded with a colon in between them: {CLIENT}:{SECRET}

Once they are encoded, take your encoded string and place it in the authorization header as Authorization: Basic {ENCODED}

Once this URL is pinged with the correct Authorization Header a JSON response will appear mimicking the following structure:

POST/api/v1/account/token

Response:

{
    "access_token": "KEY_HERE",
    "token_type": "bearer",
    "expires_in": 31532918,
    "scope": "read write"
}

The returned access token can then be used in the authorization header to interact with Risk Cloud's API

Authorization: Bearer {ACCESS_TOKEN}

Read Previous API Usage Guides

See why Risk Cloud was rated the #1 GRC platform on the G2 Grid for Winter 2023.

10 Purpose-Built GRC Solutions. One Connected Platform.

The Root of the Compliance vs Security Paradox

Upcoming Webinar

Five Board Questions That Security and Risk Leaders Must Be Prepared to Answer

Risk Cloud API: Authentication