Authentication
Before using the Illumio REST API to access the PCE, you must use the Login Users API to authenticate with the Illumio Login Service and obtain an authentication token.
Authenticate to the Login Service
Before using the Illumio REST API to access the PCE, use the Login Users API to authenticate with the Illumio Login Service and obtain an authentication token. This authentication token expires in 30 seconds.
For SaaS customers, the PCE URL can be different based on their SaaS PCE:
SCP1 & SCP2 (US)
SCP3 UK only
SCP4 APAC
SCP5 (EMEA)
If you have deployed the PCE as software, then the hostname for the PCE is the value you defined for the 'pce_fqdn' parameter in the runtime_env.yml file.
Once obtained, you can pass the authentication token to the PCE you want to access using the Login API. Once you have authenticated with the PCE and received a session token, you can make additional API calls or create an API Key for persistent access to the PCE's API.
URI to Authenticate with the Login Service
POST [api_version]/login_users/authenticate
Create an Authentication Token for the Login Service
To create an authentication token and authenticate with the Login Service, specify the Fully Qualified Domain Name (FQDN) of the PCE you want to access in the call.
Parameter | Description | Type | Required |
|---|---|---|---|
| Fully Qualified Domain Name (FQDN) of the PCE If you have deployed the PCE virtual appliance in your network, use the FQDN specified during installation. | String | Yes |
Curl Commands for Authentication
When you received your invitation, you created your PCE account using an email and a password. Use these credentials to make a call and authenticate now.
If you haven't received an invitation, contact your Illumio administrator.
Example (local users only, use SAML ID for remote users):
[email protected](username)password(password)
You also need the FQDN of the Login Server plus the FQDN of the PCE host you want to access:
The Login Server FQDN for Cloud users is
https://login.illum.io:443The PCE FQDN is
scp1.illum.io
Note
The authorization token returned (auth_token) expires after 30 seconds of inactivity. Be ready to call GET users/login to create session credentials immediately after making a call to login_users/authenticate.