Skip Navigation

Authentication token

The authentication token contains the ID of the application to which a client system is requesting access. The application contains two attributes: application ID and application secret, the latter is cryptographic nonce used to sign the token, thus ensuring the authenticity of the caller and therefore, it must be shared between client and server. The authentication endpoint has a mechanism to verify the signature and eventually proceed to grant access to the application, if the client request is indeed allowed.
The client will create the authentication token by indicating the application ID as a claim and sign it using the application secret. The authentication token must have the following claims, which are registered and conform to the JWT standard:
Claim
Type
Description
Registered Claims
exp
NumericDate
Date and time when the token expires and is no longer valid for processing. This is Unix epoch time in seconds.
The longest time-span honored by the service is 30 minutes from the value specified in the iat claim. Specifying a longer time-span will result in an HTTP 400 (Bad Request) response from the server.
iat
NumericDate
Time when the token was issued, measured by Unix epoch time in seconds.
iss
StringOrUri
Represents the principal issuing the token, which is http://cylance.com.
jti
String
Unique ID for the token, which can be used to prevent reply attacks.
sub
StringOrUri
Principal subject to the claim, which this would hold our application ID.
Custom Claims
scp
String
Comma delimited scopes requested, which can be optional. For a list of scopes and descriptions, see Scope values for authentication token.
tid
String
Tenant ID (available on the Integrations page in the console).
For example:
Authentication token - adding required token claims
DateTime now = DateTime.UtcNow; long unixTimestamp = now.ToUnixTimestamp(); token.Claims.Add("iss", "http://cylance.com"); token.Claims.Add("iat", now.ToUnixTimestamp();); token.Claims.Add("exp", now.AddMinutes(1).ToUnixTimestamp()); token.Claims.Add("sub", "k45f6798092hjdhs836h"); token.Claims.Add("jti", "k45f6798092hjdhs836h+d82c7976-ef46-47b6-80ce-4dda3c91bba3"); token.Claims.Add("tid", "f00e9987-ee61-57b7-80cf-5eeb3d02ccb4”); token.claims.Add(“scp”, “policy:create, policy:list, policy:read, policy:update”)