Using the REST APIs

Learn more about how to authorize and use the Strivacity REST APIs.


Strivacity exposes its REST APIs via a combination of API Access Policies and the OIDC Client Credentials Flow. Once you have set up an application and configured the access policy, access to the various REST APIs is granted in two steps: send a Client Credentials request with a particular set of scopes and an audience to receive an access token, then use that access token in the Authorization header of the request to the given API.

API Authorization Flow

1) To start the Client Credentials flow, request an access token with the desired scopes and audience:

curl --request POST \
--url '' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data audience= \
--data scope='OPTION:ENTITY'

Assuming that the configured API Access Policy grants access to the given scope, you should receive an access token in response.

{
  "access_token": "0F75ipYAEeB1SvYeXtBoLAQS03ADYGhg_LyML64BY5M.Ed6HP3bmTna2JVYRX5A3Zy1s3Em3Bc5caZPOsO8RGNg",
  "expires_in": 3599,
  "scope": "OPTION:ENTITY",
  "token_type": "bearer"
}

The access token is an opaque JWT Bearer Token and can be used as authorization to the desired API.

curl -H 'Accept: application/json' \
-H "Authorization: Bearer 0F75ipYAEeB1SvYeXtBoLAQS03ADYGhg_LyML64BY5M.Ed6HP3bmTna2JVYRX5A3Zy1s3Em3Bc5caZPOsO8RGNg" \

You should receive your JSON payload from the desired API.

{
  "hostingRegion": "US",
  "instanceAddress": "",
  "companyName": "BRAND_DOMAIN"
}


A scope is constructed by selecting an option of read, write, or delete followed by a colon and the desired entity.
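The flow and scope format described above, as an added Python example (not Strivacity's own code): it builds option:entity scopes, forms the Client Credentials request, checks that the granted scope covers what was asked for, and reuses the token until just before expires_in elapses. The token endpoint URL and audience are supplied by the caller; HTTP Basic client authentication, the 30-second refresh margin and all function and class names are assumptions, since the page does not show how the client authenticates.

```python
import base64, json, time, urllib.parse, urllib.request

OPTIONS = {"read", "write", "delete"}  # the three options the page lists

def build_scope(option, entity):
    """Build 'option:entity'; refuse anything that would split into two scopes."""
    if option not in OPTIONS or not entity or any(c.isspace() for c in entity):
        raise ValueError(f"invalid scope parts: {option!r}, {entity!r}")
    return f"{option}:{entity}"

def token_request(token_url, client_id, client_secret, audience, scopes):
    """Client Credentials request; HTTP Basic client auth is an assumption."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS")
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "audience": audience,
                                   "scope": " ".join(scopes)}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}"})

def fetch_token(request):
    """Send the request and decode the JSON token response (network call)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuse one access token until shortly before expires_in runs out."""
    def __init__(self, fetch, wanted_scopes, clock=time.monotonic, skew=30):
        self._fetch, self._wanted = fetch, set(wanted_scopes)
        self._clock, self._skew = clock, skew  # skew: assumed refresh margin (s)
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Headers for an API call, fetching a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._fetch()
            # Assumes 'scope' lists what was granted, as in the page's sample.
            missing = self._wanted - set(resp.get("scope", "").split())
            if resp.get("token_type", "").lower() != "bearer" or missing:
                raise PermissionError(f"token unusable, missing: {sorted(missing)}")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + resp["expires_in"] - self._skew
        return {"Accept": "application/json",
                "Authorization": f"Bearer {self._token}"}
```

Pass `lambda: fetch_token(token_request(...))` as `fetch` in real use, and keep the client secret and the returned token out of logs.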


An example for accessing the Adaptive MFA Policy API would be:



Strivacity APIs are documented via our API Directory at

Here, developers building against Strivacity can explore the APIs, find information about the required scopes, review code samples, and test Strivacity APIs against their own tenants.