The OAuth 2.0 APIs enables programmatic, machine-to-machine authorization to Alation APIs.
It provides endpoints for generating, validating, and verifying JWT access tokens using the client_credentials grant type.
Before using this API, you must create a client application under: Admin Settings → Authorization → OAuth Client Applications.
Features
- Non-user (machine) authentication.
- Token issuance via
client_credentials. - Token validation and introspection.
- JWKS endpoint for offline verification.
API Endpoints
1. Generate Token
POST /token/
/token/Generates a JSON Web Token (JWT) using the client_credentials grant.
2. Introspect Token
POST /introspect/
/introspect/Introspects a JWT to verify whether it is active and retrieves associated claims.
3. Retrieve JWKS
GET /.well-known/jwks.json/
/.well-known/jwks.json/Returns the JSON Web Key Set (JWKS) containing all public keys used to validate JWTs.
Keys may be cached and used offline with verification libraries.
Authentication
- HTTP Basic (
client_id+client_secret) - Using body parameters
Supported Grant Types
| Grant Type | Purpose |
|---|---|
client_credentials | Service Authentication |
Availability
Available only for Alation Cloud Service customers on cloud‑native architecture.
References
- OAuth 2.0 (RFC 6749)
- Token Introspection (RFC 7662)
- JWKS (RFC 7517)