Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance User API guide
  4. RESTful API
  5. Authentication
  6. Generate the authentication and access tokens

Generate the authentication and access tokens

The authentication token can be generated using
Python
. You can use the
Python
 example below, adding the required token claims that you need.
BlackBerry
 does have a knowledge base article with an example for installing Python and PyJWT on Windows; this example is provided as is and there is no guarantee the example will work in your environment.
Software requirements:
  • Python
     3.9 (latest version recommended)
  • PyJWT package (pip install PyJWT)
  • Requests package (pip install requests)
  • Copying the
    Python
     example from the PDF requires proper formatting in
    Python
     due to the extra line breaks that can cause an error. Use the example in the HTML version of this guide.
  • Example using C# is available upon request.
Python Example
# WARNING: Copying this example from the PDF requires proper
# formatting in Python due to the extra lines breaks that
# can cause an error.
# RECOMMENDED: Copy the example using the HTML version of this guide.
# Note: In Python 3.9, encoding does not need the .decode option.
# The .decode option is available as a comment, in case you need it.

import jwt # PyJWT version 1.7.1 as of the time of authoring.
import uuid
import requests # requests version 2.22.0 as of the time of authoring
import json 
from datetime import datetime, timedelta

# 30 minutes from now
timeout = 1800
now = datetime.utcnow()
timeout_datetime = now + timedelta(seconds=timeout)
epoch_time = int((now - datetime(1970, 1, 1)).total_seconds())
epoch_timeout = int((timeout_datetime - datetime(1970, 1, 1)).total_seconds())

jti_val = str(uuid.uuid4())
tid_val = "" # The tenant's unique identifier.
app_id = "" # The application's unique identifier.
app_secret = "" # The application's secret to sign the auth token with.

AUTH_URL = "https://protectapi.cylance.com/auth/v2/token"

claims = {
    "exp": epoch_timeout,
    "iat": epoch_time,
    "iss": "http://cylance.com",
    "sub": app_id,
    "tid": tid_val,
    "jti": jti_val
    # The following is optional and is being noted here as an example on how one can restrict
    # the list of scopes being requested
    # "scp": ["policy:create","policy:list","policy:read","policy:update"]
}

encoded = jwt.encode(claims, app_secret, algorithm='HS256')
print ('auth_token:\n' + encoded + "\n")

payload = {"auth_token": encoded}
headers = {"Content-Type": "application/json; charset=utf-8"}
resp = requests.post(AUTH_URL, headers=headers, data=json.dumps(payload))

print("http_status_code: " + str(resp.status_code))
print("access_token:\n" + json.loads(resp.text)['access_token'] + "\n")