Authenticate API user
After you create a dedicated API user account, you need to authenticate this user with the Identity Provider (IDS). This will provide you with time-limited and scope-limited authentication tokens. The authentication tokens follow the JSON Web Token (JWT) standard.
All ESET Connect APIs are RESTful HTTP endpoints that use JSON for requests and responses, and standard HTTP verbs (GET, POST, PUT, DELETE). Authentication is handled using OAuth 2.0. |
JWT validity
The JSON Web Token (JWT) is valid for 60 minutes. After this period, ESET Connect requires the user to perform a new authentication call to obtain a new token. After the administrator removes the API user account, this user can still use the API until the token expires.
For more information, refer to the Swagger documentation for OAuth.
How to obtain a JSON Web Token
1.Authenticate with the API User account credentials using the OAuth API endpoint in Swagger or the command line.
2.Use the token from the response to authorize all subsequent API calls.
To avoid connection problems, use the API based on the location of your ESET PROTECT/ESET Inspect Server (EU, DE, US, JPN, CA). |
It is your responsibility to store your API user credentials securely. If your API user credentials are lost or stolen, an attacker could use them to call APIs on your behalf, potentially leading to data theft or other damage. |