Access Token for Root Tenant API Key
To create an API key for the root tenant, you must provide an access token in the Authorization header of the GenerateApiKey gRPC-Web request. However, if this is your first time setting up the API, you will not have an access token yet.
Solution: Reuse the Browser Session Token
For this initial request only, you can reuse the access token that is automatically set in your browser when you log in to your Ema instance.
Method 1: Network Tab
- Log in to your Ema instance in a web browser
- Open the browser's Developer Tools (F12 or Cmd+Option+I)
- Go to the Network tab
- Perform any action in the Ema UI that triggers an API request
- Click on the request in the Network tab
- Find the
Authorizationheader in the request headers - Copy the token value (everything after
Bearer)
Method 2: Application Tab
- Log in to your Ema instance in a web browser
- Open the browser's Developer Tools (F12 or Cmd+Option+I)
- Go to the Application tab
- Look for the access token in the stored cookies or local storage
Use this token in the Authorization header when calling GenerateApiKey:
curl -X POST https://your-instance.ema.co/auth.v1.AuthService/GenerateApiKey \
-H "Authorization: Bearer <browser-session-token>" \
-H "Content-Type: application/grpc-web+proto" \
-H "x-grpc-web: 1" \
--data-binary @framed_request.bin \
--output response.bin
Once you have generated your API key, use it to call GenerateAccessToken for all subsequent operations. You will no longer need the browser session token.
Related
- Authentication -- Full authentication flow
- Handling gRPC-Web Requests -- gRPC-Web encoding guide
- Getting Started -- Quickstart guide