Using the REST APIs
Learn more about how to authorize and use the Strivacity REST APIs.

Strivacity exposes its REST APIs via a combination of API Access Policies and the OIDC Client Credentials Flow. Once you have set up an application and configured the access policy, access to the various REST APIs are granted by sending a Client Credentials request with a particular set of scopes and an audience to receive an access token, and then using that access token in the Authorization header of the request to the given API.

1) To start the Client Credentials flow, request an access token with the desired scopes and audience:
curl --request POST \
--url '' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data audience= \
--data scope='OPTION:ENTITY'
Assuming that the configured API Access Policy grants access to the given scope, you should receive an access token in response.
"access_token": "0F75ipYAEeB1SvYeXtBoLAQS03ADYGhg_LyML64BY5M.Ed6HP3bmTna2JVYRX5A3Zy1s3Em3Bc5caZPOsO8RGNg",
"expires_in": 3599,
"scope": "OPTION:ENTITY",
"token_type": "bearer"
The access token is an opaque JWT Bearer Token, and can be used as authorization to the desired API.
curl -H 'Accept: application/json' \
-H "Authorization: Bearer 0F75ipYAEeB1SvYeXtBoLAQS03ADYGhg_LyML64BY5M.Ed6HP3bmTna2JVYRX5A3Zy1s3Em3Bc5caZPOsO8RGNg" \
You should receive your JSON payload from the desired API.
"hostingRegion": "US",
"instanceAddress": "",
"companyName": "BRAND_DOMAIN"

A scope is constructed by selecting an option of read, write, or delete followed by a colon and the desired entity.
An example for accessing the Adaptive MFA Policy API would be:
Please see REST API Required Scopes for more information on the scopes required to access a particular API. For additional information on these APIs, please see the following items within this section of the Fusion documentation, or see our Postman API Directory at
Export as PDF
Copy link
On this page
API Authorization Flow