If your application requires direct access to another server, without user authorization, you create a Server to server app. This option is based on the OAuth 2.0 client credentials grant type. During this flow, your app uses its OAuth credentials to retrieve an access token.

Scoping has special importance in server to server apps. Scopes provide a way to implement control over what areas in an organization your client can access - specifically which role in an organization, and what services and the level of permissions. As an organization owner, you can add your server to server app to any of your organizations. So while you can specify a wide range of access for your app over many cloud services, access is eventually determined by the services contained in an organization. You receive notification when you add an OAuth app to an organization that does not include the services included in the scope of the app.

Prerequisites

Note: To familiarize yourself with VMware Carbon Black integrations and API, see the Developer Network.

Procedure

  1. From the Carbon Black Cloud console, click your user name in the upper-right corner and then click View Organization.
  2. Select the OAuth Apps tab, and then click Create App.
  3. Select Server to server app, and click Continue.
  4. Specify the following:
    1. Enter the App Name.
    2. Provide an App description.
    3. Specify the Access Token TTL.
  5. Define the App scopes.
    Scopes provide a way to implement control over what areas in an organization your client can access - specifically which role in an organization, and what services and the level of permissions.
  6. Click Create to generate the client credentials.
  7. Copy the credentials or download a JSON file, and click Continue.
    You are responsible for storing your credentials in a safe place.
  8. Optional: Add the app to the active organization.
    You can skip this step and add the app to this organization, and other organizations later. See, Manage OAuth 2.0 Apps.

What to do next

Paste the credentials into your script or integration configuration flow.