Machine-to-machine (M2M) authentication is a security process between applications (apps), services, systems, and devices for trusted, automated communication and access to resources without human intervention. Typically, M2M authentication is used for server-to server communication that runs in the background.
With M2M authentication, customer apps or web services can access Verint resources such as APIs or services without requiring a user to initiate the process. Verint uses an industry-standard approach for M2M authentication based on the OAuth 2.0 client credentials grant flow and access tokens.
Client credentials and tokens
Authentication between apps and services is similar to user authentication but instead of passwords, the authentication flow relies on access tokens, short-lived JSON Web Tokens (JWTs).
To obtain access tokens, you first require client credentials from Verint. In each request for credentials, you identify your app, the Verint APIs or services the app needs to access, and any additional information that helps Verint set up authorization. In response to your request, Verint provides you with two sets of credentials: one set for current use and the other for standby and credentials rotation.
Credentials contain the details that your app needs to request authorization from the Verint identity platform. If the authorization request is successful, the identity platform responds with an access token that your app can use in the Authorization header of API requests to gain access to the Verint resource.
Authentication flow
The OAuth 2.0 client credentials grant flow involves your application (client), the Verint identity platform, and the Verint API or service.
Your application requests authorization by sending a POST request to the identity platform /token endpoint, the platform responds with an access token, and the application uses the token to make requests to the resource.
Refresh tokens are not required; when the access token expires, your application requests a new access token using the client credentials provided by Verint. Rate limits apply to token requests.