To use the version 2.0 API, you must send requests using an Anaplan authentication (auth) token. This is in the form of a JSON Web Token. This must be in the Authorization header of the API request. For example:
Authorization:AnaplanAuthToken {anaplan_auth_token}
where {anaplan_auth_token} is replaced with your auth token.
The Authentication Service API enables you to:
Create an auth token
Get the details of an existing {anaplan_auth_token}
Refresh an auth token by generating a new one from the existing {anaplan_auth_token} you provide
As a best practice for using our APIs, you should be familiar with RESTful APIs and any specific requirements for the action you are performing. For more information, see Anaplan API Requirements.
To use the version 2.0 API, you must use an Anaplan auth token generated from the Anaplan Authentication Service.
You can get an auth token generated using a certificate from a recognized external public certificate authority (CA) or with your login and password.
Then use the auth token in your API requests.
Note: If your workspace uses single sign-on (SSO), you must be assigned as an Exception User to use basic auth and obtain an Anaplan auth token. For more information on exception users in Anaplan, see Assign Exception Users in Anapedia.
Use your Anaplan username and password to generate an auth token.
Then use this auth token in your API requests.
Note: If your workspace uses single sign-on (SSO), your user must be assigned as an Exception User to use basic auth and obtain an Anaplan auth token. For more information on exception users in Anaplan, see Assign Exception Users in Anapedia.
curl -X POST --user Username@Company.com:YourPassword https://auth.anaplan.com/token/authenticate
Note: curl automatically encodes Base64 for you.
Authorization:Basic encoded_username:password (this must be Base64 encoded.)
A custom script requires that you encode the username:password with Base64.
Note: In basic HTTP auth, a request contains a header field in the form of Authorization: basic credentials, where the credentials are the Base64 encoding of ID and password joined by a single colon :.
{
"meta": {
"validationUrl": "https://auth.anaplan.com/token/validate"
},
"status": "SUCCESS",
"statusMessage": "Login successful",
"tokenInfo": {
"expiresAt": 1493036651173,
"tokenId": "9aa99999-1111-11a2-b333-abc11223ab12",
"tokenValue": "aBCDdefghilMnz30PrD8Iw==.twOZw6fT+ttckbx5Ap3TRvjAAgqHY4UrgkRLiyvQppI8ULyPCc59GNimzco4pBXaMM8wEJ1yrJE6C4Vd6GflfjdUVhGpaji4oG+NBzVnBvA+bBfFnmwWsOiL/8kge+cFxqbW+XqLAAHz3aRV6WgB7wYGXP/0AYant1VKAHFLcnSzRtJqeKakW+rnbUf6eHDQWsF/7AhfG7PJ6qDS8zm8JMjWSZdb0WsOzr79A/IcL1tu4iyn2n9gKA6l9cOhPhYT3AEQJE4GCtLA9eEYILBTbKC4LWuxgnmo+G8VkAIsBoAy8dcSRBPXHZMKRZ5ssmpO766zOZqpdkcX0RcH2dwKUqZefwNrfhdoKy5rmi54/LU93YVYv/d/Mm8HyfV9sWkfEKvFHGM1v+PmCQJLh/CQvHtdu5fd6Had4L0arKa574XsUb07mwKau53Xn+iBBcDu.0CpRsu37FpDizsfXVCxOQ7iLBjJM6+72hczGl4+3RQ4=",
"refreshTokenId": "3ab11111-2222-33e4-a111-01a1b222cd3a"
}
}
To create an AnaplanAuthToken:
Use a Certificate Authority (CA) issued X509 certificate to generate an auth token.
Use this auth token in your API requests.
In the header, replace {your_CA_certificate} with the Base64-encoded certificate in PEM format.
Replace {encoded_string} with a Base64-encoded randomly generated string (of at least 100 bytes).
Replace {encoded_signed_string} with the previous string signed by your private key and then Base64 encoded. Note: We currently only support the SHA512withRSA algorithm when you sign with your private key.
See the code sample below for more details on generating random encoded strings.
For more information on CA certificates, see Tenant Administration: Certificates in Anapedia.
Generating {your_CA_certificate}
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;

// Reads the PEM certificate file and Base64-encodes its bytes for the CACertificate header.
String generateEncodedCert(String certFile) throws IOException {
    // readAllBytes returns the whole file; a single InputStream.read() call may return fewer bytes.
    byte[] certBytes = Files.readAllBytes(Paths.get(certFile));
    return Base64.getEncoder().encodeToString(certBytes);
}
Generating {encoded_string} and {encoded_signed_string}
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
// Pair and ImmutablePair are assumed to be the Apache Commons Lang 3 classes.
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;

// Returns the pair ({encoded_string}, {encoded_signed_string}) for the request body.
Pair<String, String> generateStrings(String privateKeyFile) throws Exception {
    // PKCS8EncodedKeySpec expects the DER-encoded PKCS#8 key bytes, not PEM text.
    byte[] privKeyBytes = Files.readAllBytes(Paths.get(privateKeyFile));
    RSAPrivateKey privKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(
            new PKCS8EncodedKeySpec(privKeyBytes));
    // No setSeed() call: SecureRandom seeds itself, and a clock-derived seed is guessable.
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[100];
    random.nextBytes(bytes);
    byte[] decodedSignedData = sign(privKey, bytes);
    String encodedData = Base64.getEncoder().encodeToString(bytes);
    String encodedSignedData = Base64.getEncoder().encodeToString(decodedSignedData);
    return new ImmutablePair<>(encodedData, encodedSignedData);
}

// Signs the random bytes with SHA512withRSA, the only algorithm the service accepts.
private byte[] sign(PrivateKey privateKey, byte[] dataBytes) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    Signature sig = Signature.getInstance("SHA512withRSA");
    sig.initSign(privateKey);
    sig.update(dataBytes);
    return sig.sign();
}
curl -X POST -H authorization:'CACertificate {your_CA_certificate}' -H "Content-Type:application/json" -d '{"encodedData": "{encoded_string}", "encodedSignedData": "{encoded_signed_string}"}' https://auth.anaplan.com/token/authenticate
Authorization:CACertificate {your_CA_certificate}
{
"encodedData": "{encoded_string}",
"encodedSignedData": "{encoded_signed_string}"
}
{
"meta": {
"validationUrl": "https://auth.anaplan.com/token/validate"
},
"status": "SUCCESS",
"statusMessage": "Login successful",
"tokenInfo": {
"expiresAt": 1493036651173,
"tokenId": "9aa99999-1111-11a2-b333-abc11223ab12",
"tokenValue": "aBCDdefghilMnz30PrD8Iw==.twOZw6fT+ttckbx5Ap3TRvjAAgqHY4UrgkRLiyvQppI8ULyPCc59GNimzco4pBXaMM8wEJ1yrJE6C4Vd6GflfjdUVhGpaji4oG+NBzVnBvA+bBfFnmwWsOiL/8kge+cFxqbW+XqLAAHz3aRV6WgB7wYGXP/0AYant1VKAHFLcnSzRtJqeKakW+rnbUf6eHDQWsF/7AhfG7PJ6qDS8zm8JMjWSZdb0WsOzr79A/IcL1tu4iyn2n9gKA6l9cOhPhYT3AEQJE4GCtLA9eEYILBTbKC4LWuxgnmo+G8VkAIsBoAy8dcSRBPXHZMKRZ5ssmpO766zOZqpdkcX0RcH2dwKUqZefwNrfhdoKy5rmi54/LU93YVYv/d/Mm8HyfV9sWkfEKvFHGM1v+PmCQJLh/CQvHtdu5fd6Had4L0arKa574XsUb07mwKau53Xn+iBBcDu.0CpRsu37FpDizsfXVCxOQ7iLBjJM6+72hczGl4+3RQ4=",
"refreshTokenId": "3ab11111-2222-33e4-a111-01a1b222cd3a"
}
}
/token/validate
Gets information on a provided {anaplan_auth_token}. If the token is valid, returns the details of the {anaplan_auth_token}. If the token is invalid, returns a 401 Unauthorized message.
curl -X GET -H authorization:'AnaplanAuthToken {anaplan_auth_token}' https://auth.anaplan.com/token/validate
Authorization:AnaplanAuthToken {anaplan_auth_token}
{
"meta": {
"validationUrl": "https://auth.anaplan.com/token/validate"
},
"status": "SUCCESS",
"statusMessage": "Token validated",
"userInfo": {
"userGuid": "8a89d9999f3c7099015f999d5208458a",
"userId": "a.user@anaplan.com",
"customerGuid": "8a80d99a5bf97b99995c3d1577610415"
},
"tokenInfo": {
"expiresAt": 1509728252000,
"tokenId": "4d677e7d-c0ae-11e7-9f79-b179910b5099"
}
}
/token/refresh
Generates a new auth token from an existing {anaplan_auth_token} that you provide. You need to refresh your token if your session runs for longer than 30 minutes.
curl -X POST -H authorization:'AnaplanAuthToken {anaplan_auth_token}' https://auth.anaplan.com/token/refresh
Authorization:AnaplanAuthToken {anaplan_auth_token}
{
"meta": {
"validationUrl": "https://auth.anaplan.com/token/validate"
},
"status": "SUCCESS",
"statusMessage": "Token refreshed",
"tokenInfo": {
"expiresAt": 1509725972924,
"tokenId": "4d688e7d-c0ae-11e7-9f69-b170010b5016",
"tokenValue": "wOlfU2tLezUAkmLY/C5lXw==.CH9fWgnDiN099USFFAWrrtoCoqVS/xixNtG4V0Vk6f2zVAa/lTmjJsHeSxSXAW9HRH2EA+q7rLzmtWvkdi8dtOv/hExmpNRfTtux/9t8RXVFmNMxro+tPbhfE/MUPSiaxzyRlSYkpph8WFIWKlrLhZ0Iw/iweuSIlAwVtXhbsDt674T5GiJxS35wh1h5ateeylU/1Y3Het+YR5F/8idr1oZu5cd+SE16tHLUPJQwp5uGkfTTBp5CR/zv4wzIsY35wGpgEAgUC4F19zASo6/EB6Br2KmyqJEmUIWmFJRRk9qmjJpS05FHUTXVpU5d2psrRRGUh1XNLoOOnz7DopuhTS4TwiI3AJeNYca3IfeGQo7LyfAmsTc4QL6xsQh5M6G5q/+wfNFY1zHVxSf/nugfHJOBRUnLMUgs46/TMWTqhMoweFsMG84uI0eHA3SAAiFQ.63GpdlW8HpciJq24dr4klBCog1TEIkTj6NBS+iPM4uY=",
"refreshTokenId": "95ee4c30-c0ae-11e7-be10-c9ac36e86de2"
}
}
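The Basic header that a custom script has to build, and the rule that a token must be refreshed in sessions longer than 30 minutes, can be handled together as in this added Python example (not Anaplan's code). The names basic_auth_header, AnaplanToken and REFRESH_MARGIN_S are hypothetical, the response is constructed, and expiresAt is assumed to be epoch milliseconds, which is how the sample values on this page read.

```python
import base64
import json

REFRESH_MARGIN_S = 300  # assumption: refresh five minutes before expiry


def basic_auth_header(username: str, password: str) -> str:
    """Authorization value for POST /token/authenticate from a custom script."""
    if ":" in username:
        # The first colon splits ID from password, so the ID cannot contain one.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class AnaplanToken:
    """tokenInfo from an authenticate or refresh response (hypothetical helper)."""

    def __init__(self, response_body: str):
        doc = json.loads(response_body)
        if doc.get("status") != "SUCCESS":
            raise ValueError(f"auth failed: {doc.get('statusMessage')!r}")
        info = doc["tokenInfo"]
        self.token_id = info["tokenId"]
        self._value = info["tokenValue"]
        # Assumption: expiresAt is epoch milliseconds, as the sample values suggest.
        self.expires_at = info["expiresAt"] / 1000.0

    def auth_header(self) -> str:
        return f"AnaplanAuthToken {self._value}"

    def needs_refresh(self, now: float, margin: float = REFRESH_MARGIN_S) -> bool:
        """True once `now` (epoch seconds) is within `margin` of expiry or past it."""
        return now >= self.expires_at - margin

    def __repr__(self) -> str:
        # Safe for logs: shows the token ID, never the bearer value.
        return f"AnaplanToken(id={self.token_id}, expires_at={self.expires_at:.0f})"


# Constructed response: same shape as the page's examples, made-up values.
SAMPLE = json.dumps({
    "status": "SUCCESS",
    "statusMessage": "Login successful",
    "tokenInfo": {"expiresAt": 1493036651173,
                  "tokenId": "00000000-0000-0000-0000-000000000000",
                  "tokenValue": "constructed.token.value"},
})
```

Call needs_refresh(time.time()) before each API request and, when it returns True, POST to /token/refresh and build a new AnaplanToken from that response.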
/token/logout
Deletes an {anaplan_auth_token}. After the /logout command, the {anaplan_auth_token} is deleted and no longer valid.
curl -X POST -H authorization:'AnaplanAuthToken {anaplan_auth_token}' https://auth.anaplan.com/token/logout
Authorization: AnaplanAuthToken {anaplan_auth_token}