Skip Navigation

Generate the authentication and access tokens

The authentication token can be generated using
Python
. You can use the
Python
example below, adding the required token claims that you need.
BlackBerry
does have a knowledge base article with an example for installing Python and PyJWT on Windows; this example is provided as is and there is no guarantee the example will work in your environment.
Software requirements:
  • Python
    3.9 (latest version recommended)
  • PyJWT package (pip install PyJWT)
  • Requests package (pip install requests)
  • Copying the
    Python
    example from the PDF requires proper formatting in
    Python
    due to the extra line breaks that can cause an error. Use the example in the HTML version of this guide.
  • Example using C# is available upon request.
Python Example
# WARNING: Copying this example from the PDF requires proper # formatting in Python due to the extra lines breaks that # can cause an error. # RECOMMENDED: Copy the example using the HTML version of this guide. # Note: In Python 3.9, encoding does not need the .decode option. # The .decode option is available as a comment, in case you need it. import jwt # PyJWT version 1.7.1 as of the time of authoring. import uuid import requests # requests version 2.22.0 as of the time of authoring import json from datetime import datetime, timedelta # 30 minutes from now timeout = 1800 now = datetime.utcnow() timeout_datetime = now + timedelta(seconds=timeout) epoch_time = int((now - datetime(1970, 1, 1)).total_seconds()) epoch_timeout = int((timeout_datetime - datetime(1970, 1, 1)).total_seconds()) jti_val = str(uuid.uuid4()) tid_val = "" # The tenant's unique identifier. app_id = "" # The application's unique identifier. app_secret = "" # The application's secret to sign the auth token with. AUTH_URL = "https://protectapi.cylance.com/auth/v2/token" claims = { "exp": epoch_timeout, "iat": epoch_time, "iss": "http://cylance.com", "sub": app_id, "tid": tid_val, "jti": jti_val # The following is optional and is being noted here as an example on how one can restrict # the list of scopes being requested # "scp": ["policy:create","policy:list","policy:read","policy:update"] } encoded = jwt.encode(claims, app_secret, algorithm='HS256') print ('auth_token:\n' + encoded + "\n") payload = {"auth_token": encoded} headers = {"Content-Type": "application/json; charset=utf-8"} resp = requests.post(AUTH_URL, headers=headers, data=json.dumps(payload)) print("http_status_code: " + str(resp.status_code)) print("access_token:\n" + json.loads(resp.text)['access_token'] + "\n")