# OAuth 2.0 with ThousandEyes OAuth 2.0 is an authorization protocol that enables a secure, token-based exchange of access between ThousandEyes and other Cisco platforms. It allows you to grant other Cisco platforms limited access to your ThousandEyes data, while ensuring that other Cisco platforms only access the specific data and actions you authorize. ## Cisco Integrations ThousandEyes integrates with multiple Cisco platforms using OAuth 2.0 to provide secure access to your ThousandEyes data. The following Cisco integrations are supported: * [Cisco SD-WAN Manager](https://docs.thousandeyes.com/product-documentation/user-management/oauth-overview/oauth-integration#cisco-sd-wan-manager) * [Meraki](https://docs.thousandeyes.com/product-documentation/user-management/oauth-overview/oauth-integration#meraki) * [Splunk ThousandEyes App](https://docs.thousandeyes.com/product-documentation/user-management/oauth-overview/oauth-integration#splunk-thousandeyes-app) ## How OAuth 2.0 Works with ThousandEyes The following sections explain how the authorization process works and how token expiration is handled. ### Authorization Flow 1. (If applicable) Device Authorization For on-prem solutions that don’t have a common cloud-based redirect URI, a device code is displayed on your integrating platform’s UI for verification. 2. Request Authorization The integrated Cisco platform requests authorization to access ThousandEyes. You are redirected to ThousandEyes, where you must authenticate using your preferred method: either local login or Single Sign-On (SSO). Here, you have the option to select which [region to authenticate to](https://docs.thousandeyes.com/product-documentation/user-management/thousandeyes-multi-region-cloud-support): Default, US1, US2, or EU. 3. Confirm Authorization An authorization screen displays your email address, the ThousandEyes region you are authenticating to, and a summary of the information that ThousandEyes is sharing with the integrating application. You can choose to **Confirm** authorization or **Logout**. 4. Token Exchange After you confirm authorization, you are redirected to your integrated Cisco application. Then, ThousandEyes securely passes access and refresh tokens to the authorized application. The tokens are used to support the information exchange needed for the integration to function. 5. API Requests Your Cisco application uses an access token to make API requests to ThousandEyes. All integrating applications use ThousandEyes v7 APIs to retrieve information. {% hint style="info" %} Once logged in, you remain authenticated even if you navigate away. This reduces the need for frequent re-authentication. However, it's important to log out when you're finished to maintain the security of your account and prevent unauthorized access. {% endhint %} ### Revoke Integration Access Access tokens are short-lived, typically expiring within minutes, though the exact duration varies between integrations. Refresh tokens, used to obtain new access tokens, will expire if not utilized within a brief time frame. When you no longer want an application to access your ThousandEyes data, in your integrated application, log out of your ThousandEyes account. This ensures that the application no longer uses your tokens. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.thousandeyes.com/product-documentation/user-management/authorization/oauth-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.