Providing you are a LUSID user with sufficient privileges, you can specify a client ID and then get LUSID to generate a client secret for you.
Note: If you are the LUSID domain owner, you are automatically assigned the built-in lusid-administrator
role, which has all the permissions necessary to perform the operations in this article
Once generated, you can use these details to obtain a short-lived API access token and use it to authorise calls to the LUSID API, either directly or via the SDK.
Using the LUSID web app
To get LUSID to generate a client secret and then reveal it:
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Applications:
- On the Applications dashboard, click the Create application button:
- Specify a Client Id (no spaces) and a Display name, and click the Save button. LUSID automatically generates a client secret.
- On the Applications dashboard, click the View icon to reveal the client secret and Okta's dedicated token URL for your LUSID domain:
Note: Exporting credentials is useful when you want to call the LUSID API using the SDK.
Using the Identity API
You can use the Identity API to generate and then reveal a client secret the second and subsequent times you want to do so.
Note: Because you need an API access token to call the Identity API (for which you need a client secret), you'll either need to use the LUSID web app the first time, or else pass in a personal access token instead (which doesn't require a client secret).
- Obtain an API access token, if possible.
- Call the Identity CreateApplication API endpoint for your LUSID domain, passing in your access token, a client ID and friendly name that are unique within your domain, and a type of
Native
. For example:curl -X POST "https://<your-domain>.lusid.com/identity/api/applications" -H "Authorization: Bearer <your-access-token>" -H "Content-Type: application/json" -d "{'clientId':'example-sdk-app','displayName':'Example SDK application','type':'Native'}"
The response contains an automatically-generated clientsecret
, and anissuer
that is Okta's dedicated token URL for your LUSID domain:{ "id": "0oabw8p5aaGCl5zAA2p8", "type": "Native", "displayName": "Example SDK application", "secret": "k94QiqJMrPOJaoUB0MJecOu0blANeWHX4MdcqdYH", "clientId": "example-sdk-app", "issuer": "https://lusid-<your-domain>.okta.com/oauth2/aus91lnun55CZDvav6p7" }