Access Token for Root Tenant API Key

To create an API key for the root tenant, you must provide an access token in the Authorization header of the GenerateApiKey gRPC-Web request. However, if this is your first time setting up the API, you will not have an access token yet.

Solution: Reuse the Browser Session Token

For this initial request only, you can reuse the access token that is automatically set in your browser when you log in to your Ema instance.

Method 1: Network Tab

  1. Log in to your Ema instance in a web browser
  2. Open the browser's Developer Tools (F12 or Cmd+Option+I)
  3. Go to the Network tab
  4. Perform any action in the Ema UI that triggers an API request
  5. Click on the request in the Network tab
  6. Find the Authorization header in the request headers
  7. Copy the token value (everything after Bearer )

Method 2: Application Tab

  1. Log in to your Ema instance in a web browser
  2. Open the browser's Developer Tools (F12 or Cmd+Option+I)
  3. Go to the Application tab
  4. Look for the access token in the stored cookies or local storage

Use this token in the Authorization header when calling GenerateApiKey:

curl -X POST https://your-instance.ema.co/auth.v1.AuthService/GenerateApiKey \
 -H "Authorization: Bearer <browser-session-token>" \
 -H "Content-Type: application/grpc-web+proto" \
 -H "x-grpc-web: 1" \
 --data-binary @framed_request.bin \
 --output response.bin

Once you have generated your API key, use it to call GenerateAccessToken for all subsequent operations. You will no longer need the browser session token.

Last updated: Jul 3, 2026