Skip to main content
To interact with the NexusOne API, you must authenticate using either OAuth 2.0 or an API key.

OAuth 2.0 access token

When you purchase and deploy NexusOne, the deployment script does the following:
  1. Creates your client ID and secret in Keycloak.
  2. Assigns the default NexusOne roles to the client’s service account.
  3. You can then use the client ID and secret, along with a profile scope, to generate the token.
If you aren’t an administrator, then you must ask your administrator to assign a role to your user account.
Here is an example showing how to use a cURL command to generate an access token after getting your client ID and secret in Keycloak.
  1. Install the latest version of jq.
  2. Create a variable for the client name, ID, and secret. 
    export client_name=companyA
export client_id=myID
export client_secret=mySecret
  3. Generate the access token. 
    curl -sX POST "https://sso.prod.nx1cloud.com/realms/$client_name/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "scope=profile" \
  -d "client_id=$client_id" \
  -d "client_secret=$client_secret" | jq
  4. After generating the access token, you should see a similar output. Copy the value of access_token, the long string inside the quotes. 
    {
  "access_token": "ThisIsALongAccessTokenStringCopyIt",
  "expires_in": 600,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "email openid profile"
}
API endpoints such as Creates query for a card require authentication. These types of API endpoints expect you to use an OAuth2AuthorizationCodeBearer security method and also add the access token value in the Authorization attribute before sending an API call.

API or PSK key

The API key, also known as a Pre-Shared Key (PSK), grants you access to interact with the NexusOne API endpoints. This section outlines how to get, regenerate, or delete your API key.

Get your API key

There are two ways to get your API key, either the NexusOne team issues you one as part of your cluster deployment or you generate one using the NexusOne portal.

Issued as part of your cluster deployment

When you purchase and deploy NexusOne in your Kubernetes cluster, you receive an API key. If the Nexus Cognitive team is managing your deployed environment, you can also request for the API key at any time.

Generated using the NexusOne portal

To generate your API key, use the following steps:
  1. Log in to NexusOne.
  2. On the NexusOne homepage, click your profile name initials showing at the top right corner of the page.
  3. Click Settings to view your profile settings.
  4. In the Personal PSK section of the page, click +.
  5. Enter a description for the new PSK.
  6. Click Create.
  7. Copy the PSK that appears. You can now use it in your app.

Regenerate your API key

To regenerate your API key, use the following steps:
  1. Log in to NexusOne.
  2. On the NexusOne homepage, click your profile name initials showing at the top right corner of the page.
  3. Click Settings to view your profile settings.
  4. In the Personal PSK section of the page, click +.
  5. Enter a description for the new PSK.
  6. Click Regenerate and confirm your selection.
  7. Copy the PSK that appears. You can now use it in your app.

Delete your API key

To delete your API key, use the following steps:
  1. Log in to NexusOne.
  2. On the NexusOne homepage, click your profile name initials showing at the top right corner of the page.
  3. Click Settings to view your profile settings.
  4. In the Personal PSK section of the page, click +.
  5. Enter a description for the new PSK.
  6. Click Delete and confirm your selection.
API endpoints such as Retrieves data from view require authentication. These types of API endpoints expect you to use an APIKeyHeader security method and add the API key value in the Authorization-PSK attribute before sending an API call.