Providing you are a LUSID user with sufficient privileges, you can specify a client ID and then get LUSID to generate a client secret for you.
Note: If you are the LUSID domain owner, you are automatically assigned the built-in
lusid-administratorrole, which has all the permissions necessary to perform the operations in this article
Once generated, you can use these details to obtain a short-lived API access token and use it to authorise calls to the LUSID API, either directly or via the SDK.
Using the LUSID web app
To get LUSID to generate a client secret and then reveal it:
Sign in to the LUSID web app using the credentials of a LUSID administrator.
From the left-hand menu, select Identity and access > Applications:
On the Applications dashboard, click the Create application button:
Specify a Client Id (no spaces) and a Display name, and click the Save button. LUSID automatically generates a client secret.
On the Applications dashboard, click the
View icon to reveal the client secret and Okta's dedicated token URL for your LUSID domain:
Note: Exporting credentials is useful when you want to call the LUSID API using the SDK.
Using the Identity API
You can use the Identity API to generate and then reveal a client secret the second and subsequent times you want to do so.
Note: Because you need an API access token to call the Identity API (for which you need a client secret), you'll either need to use the LUSID web app the first time, or else pass in a personal access token instead (which doesn't require a client secret).
Obtain an API access token, if possible.
Call the CreateApplication API, passing in your access token, a client ID and friendly name that are unique within your domain, and a type of
Native. For example:The response contains an automatically-generated client
secret, and anissuerthat is Okta's dedicated token URL for your LUSID domain: