External API call authentication :



From the console, if I create a local user (not okta), assign it to a group and set a password.

Is there a way to generate a token to prevent to use the password in clear when doing API calls ?
Or it’s necessary to first authenticate and store/re-use the token from the cookie ?



When you say “doing API calls” do you mean rest api calls over HTTP? You could an ssh key generate a key using the C3 CLI “c3 key” command and then use that key in subsequent “c3” commands


You could also create oauth token and use that for rest api calls


Not sure what you mean by ‘in the clear’ if you mean in the clear on the wire, it will not be if you use https. So you should always use https, which encrypts the full http request (headers, cookies, etc), so neither the password nor the tokens will be in the clear on the wire. Said this, the preferred way to authenticate API calls is to use an OAUTH token. Please refer to documentation (it includes examples).


Hello @rileysiebel, yes POST HTTP using axios (js) for example.

That’s a terrible example let say a call to get the count of the queue ( like : https://xxxxxxx.c3-e.com/api/1/tenant/tag/InvalidationQueue?action=countAll ).

@venkata.paruchuri, if that’s suitable why not



@matthieurolla, please refer to the OAUTH documentation, that is the preferred way, but as I said if you use the https endpoint anything you send in the body and headers of the https request will be encrypted (i.e. not in the clear).


Hello @garnaiz,

Thanks I will look into it.


Where is the OAUTH documentation for c3 located?


There is a documentation article entitled “OAuth Authorization”


I am afraid I don’t know where that is or what that is. Can you provide me a link or instructions?


All docs can be found in the same place. Go to the console (yourC3Env.com/static/console) then click help -> documentation. From there you can click “In Depth” for articles (like the one called OAuth Authorization) or “types” for documentaiton on types.