OAuth 2.0 with ThousandEyes

OAuth 2.0 is an authorization protocol that enables a secure, token-based exchange of access between ThousandEyes and other Cisco platforms. It allows you to grant other Cisco platforms limited access to your ThousandEyes data, while ensuring that other Cisco platforms only access the specific data and actions you authorize.

Cisco Integrations

Currently, ThousandEyes can integrate with Cisco SD-WAN Manager using OAuth 2.0 to provide secure access to your ThousandEyes data. For more information, see Intergration with OAuth 2.0.

How OAuth 2.0 Works with ThousandEyes

The following sections explain how the authorization process works and how token expiration is handled.

Authorization Flow

  1. (If applicable) Device Authorization

For on-prem solutions that don’t have a common cloud-based redirect URI, a device code is displayed on your integrating platform’s UI for verification.

  1. Request Authorization

The integrated Cisco platform requests authorization to access ThousandEyes. You are redirected to ThousandEyes, where you must authenticate using your preferred method: either local login or Single Sign-On (SSO). Here, you have the option to select which region to authenticate to: Default, US1, US2, or EU.

  1. Confirm Authorization

An authorization screen displays your email address, the ThousandEyes region you are authenticating to, and a summary of the information that ThousandEyes is sharing with the integrating application. You can choose to Confirm authorization or Logout.

  1. Token Exchange

After you confirm authorization, you are redirected to your integrated Cisco application. Then, ThousandEyes securely passes access and refresh tokens to the authorized application. The tokens are used to support the information exchange needed for the integration to function.

  1. API Requests

Your Cisco application uses an access token to make API requests to ThousandEyes. All integrating applications use ThousandEyes v7 API’s to retrieve information.

Revoke Integration Access

Access tokens are short-lived, typically expiring within minutes, though the exact duration varies between integrations. Refresh tokens, used to obtain new access tokens, will expire if not utilized within a brief time frame.

When you no longer want an application to access your ThousandEyes data, in your integrated application, log out of your ThousandEyes account. This ensures that the application no longer uses your tokens.

PreviousLogging InNextIntegrations with OAuth 2.0

Last updated