Authentication token

The authentication token contains the ID of the application to which a client system is requesting access. The application has two attributes: an application ID and an application secret. The application secret is a cryptographic nonce used to sign the token, which ensures the authenticity of the caller; it must therefore be shared between the client and the server. The authentication endpoint verifies the signature and, if the client request is allowed, grants access to the application.
The client creates the authentication token by specifying the application ID as a claim and signing the token with the application secret. The authentication token must contain the following claims; the registered claims conform to the JWT standard:
| Claim | Type | Description |
|---|---|---|
| Registered Claims | | |
| exp | NumericDate | Date and time when the token expires and is no longer valid for processing, as Unix epoch time in seconds. The longest time span honored by the service is 30 minutes from the value specified in the iat claim. Specifying a longer time span results in an HTTP 400 (Bad Request) response from the server. |
| iat | NumericDate | Time when the token was issued, as Unix epoch time in seconds. |
| iss | StringOrUri | The principal issuing the token, which is http://cylance.com. |
| jti | String | Unique ID for the token, which can be used to prevent replay attacks. |
| sub | StringOrUri | Principal that is the subject of the claim; this holds the application ID. |
| Custom Claims | | |
| src | String | The source of the API call, included in the token so that you can audit where API calls originated. Validation requirements for this parameter: alphanumeric and double-byte characters are allowed; leading and trailing whitespace should be removed; potential XSS/injection attack strings and other special characters need to be filtered. This field can be a source computer name, IP address, or an App ID (Settings > Integrations). |
| tid | String | Tenant ID (available on the Integrations page in the console). |
For example:
Authentication token - adding required token claims
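```csharp
// ToUnixTimestamp() is not a built-in DateTime method; it is assumed here to be
// an extension method that returns Unix epoch time in seconds.
DateTime now = DateTime.UtcNow;
long unixTimestamp = now.ToUnixTimestamp();

token.Claims.Add("iss", "http://cylance.com");
token.Claims.Add("iat", unixTimestamp);
// Token is valid for one minute, well inside the 30-minute limit.
token.Claims.Add("exp", now.AddMinutes(1).ToUnixTimestamp());
// sub holds the application ID; jti is the application ID plus a fresh GUID.
token.Claims.Add("sub", "k45f6798092hjdhs836h");
token.Claims.Add("jti", "k45f6798092hjdhs836h+d82c7976-ef46-47b6-80ce-4dda3c91bba3");
token.Claims.Add("tid", "f00e9987-ee61-57b7-80cf-5eeb3d02ccb4");
token.Claims.Add("src", "Example_computer_name");
```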
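As an added example (not code from the original page), the Python sketch below builds a token with these claims on the client and applies the checks described above on the verifying side: signature, the 30-minute iat-to-exp limit, expiry, and jti replay rejection. HS256 as the signing algorithm, the function names, the rejection strings and all sample values are assumptions.

```python
import base64, hashlib, hmac, json, time, uuid

MAX_LIFETIME = 30 * 60  # longest iat-to-exp span the service honours (seconds)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def build_token(app_id, app_secret, tenant_id, src, lifetime=60, now=None):
    """Client side: set the claims from the table and sign (HS256 is assumed)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": "http://cylance.com", "iat": now, "exp": now + lifetime,
              "sub": app_id, "jti": f"{app_id}+{uuid.uuid4()}",
              "tid": tenant_id, "src": src.strip()}  # src: trim whitespace
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(app_secret, signing_input))

def verify_token(token, app_secret, seen_jti, now=None):
    """Verifier sketch: returns "ok" or a rejection reason (strings are assumed)."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        # The header's alg value is ignored on purpose: the verifier fixes the algorithm.
        if not hmac.compare_digest(_sign(app_secret, f"{head}.{body}"), _unb64(sig)):
            return "bad signature"
        claims = json.loads(_unb64(body))
        iat, exp, jti = int(claims["iat"]), int(claims["exp"]), claims["jti"]
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if not isinstance(jti, str):
        return "malformed"
    if exp - iat > MAX_LIFETIME:
        return "lifetime over 30 minutes (the page's HTTP 400 case)"
    if now >= exp:
        return "expired"
    if jti in seen_jti:      # same token presented twice
        return "replayed jti"
    seen_jti.add(jti)        # remember the jti until the token would expire anyway
    return "ok"
```

Because a token can never live longer than 30 minutes, the jti cache only needs to retain entries for that long.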