The RUCKUS One REST APIs use JSON Web Tokens (JWT) to secure all endpoints.
RUCKUS One authentication APIs use the standard OAuth2 client credentials flow, as described here: https://datatracker.ietf.org/doc/html. The API authenticates a user client and returns the JWT token.
As part of our ongoing efforts to enhance security and efficiency, we have deprecated the use of the /token authentication API. The /token authentication API will be officially turned down on August 31, 2024. To continue accessing RUCKUS One APIs seamlessly, it is imperative that you transition to using the JSON Web Token (JWT) authentication method.
Once logged into RUCKUS One, the Administrator must create an "Application Token" consisting of a client ID, client secret and scope. This can be done under Administration -> Account Management -> Settings.
The following endpoint will be used to authenticate and retrieve the JWT token:
Here is an example with curl:
curl --request POST \
  --url 'https://ruckus.cloud/oauth2/token/<tenantId>' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials' \
  --data 'client_id=<client id>' \
  --data 'client_secret=<client secret>'
Once you have acquired your JWT token, it must be included in the "Authorization" HTTP request header of all subsequent requests. The expected format of the header value is "Bearer xxxxxxa". For additional information on the authentication scheme being used, please see RFC 6750 Section 2.1.
To access any REST API for a delegated account, authenticate as usual with your JWT token and, in addition, include a custom header with the key "x-rks-tenantid" and the tenant ID of the delegated account as its value. If the request URL specifies "{tenantId}" as a path parameter, its value must also be the ID of the delegated account.
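The token request and the delegated-account call described above, as an added Python example that is not RUCKUS code. It builds the requests without sending them. Assumptions: the token reply is an RFC 6749 JSON object with an "access_token" field, "{tenantId}" is your own tenant ID when no account is delegated, and the API path shown is a hypothetical placeholder.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://ruckus.cloud"  # host from the curl example on this page

def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials POST to /oauth2/token/<tenantId>."""
    # urlencode() percent-encodes '&', '=' and '+' inside the secret, which a
    # bare `curl --data client_secret=...` would send unescaped.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    url = f"{BASE_URL}/oauth2/token/{urllib.parse.quote(tenant_id, safe='')}"
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def extract_token(response_body):
    """Assumption: the reply is an RFC 6749 section 5.1 JSON object with
    'access_token'; this page does not show the response body."""
    token = json.loads(response_body).get("access_token")
    if not isinstance(token, str) or not token or any(c.isspace() for c in token):
        raise ValueError("token response has no usable access_token")
    return token

def build_api_request(path_template, token, own_tenant_id, delegated_tenant_id=None):
    """Bearer-authenticated GET; for a delegated account the delegated id goes
    in both the x-rks-tenantid header and the {tenantId} path parameter."""
    # Assumption: without delegation, {tenantId} is the caller's own tenant id.
    tenant = delegated_tenant_id or own_tenant_id
    path = path_template.replace("{tenantId}", urllib.parse.quote(tenant, safe=""))
    headers = {"Authorization": f"Bearer {token}"}
    if delegated_tenant_id:
        headers["x-rks-tenantid"] = delegated_tenant_id
    return urllib.request.Request(BASE_URL + path, headers=headers, method="GET")

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    # Pass a request to urllib.request.urlopen() to actually send it.
    req = build_token_request("tenant-a", "my-client-id", "s3cr&t+=/x")
    print(req.get_method(), req.full_url, req.data.decode())
    token = extract_token('{"access_token": "aaa.bbb.ccc", "token_type": "Bearer"}')
    api = build_api_request("/hypothetical/{tenantId}/items", token, "tenant-a", "tenant-b")
    print(api.full_url, dict(api.header_items()))
```

Read the client secret from an environment variable or secret store rather than passing it on a command line, where it is visible in shell history and process listings.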