Lets first explain what a bearer token is used for ?
what is a bearer token?
Bearer Token is a security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. Using a bearer token does not require a bearer to prove possession of cryptographic key material (proof-of-possession).
Access tokens are used in token-based authentication to allow an application to access an API.
Note: Bearer Tokens are time sensitive and do expire frequently (matter of minutes)
What is an API ?
Wikipedia defines an API as “a computing interface that defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc.”
APIs allow us to automate repetitive administrative tasks, capture complex configuration as code, and create whole new applications that build on existing services
Citrix Cloud and API’s
When working with Citrix Cloud and API’s a Bearer Token is often required in the OAuth authentication process. There are some great explanations on Citrix Docs on API integration on the links below
Creating a bearer token
In this blog I will step through the process of creating a bearer token using the citrix.com developer site
Open the following URL
Click on SettingsController
Click Invoke API
Enter the Customer ID (Can be found in the Citrix Admin console /Accounts settings)
Choose the option for Generate here
You are now prompted for the Client ID and Secret Key
click execute and see that the bearer token is available to copy and use.
Please note that bearer tokens are time sensitive and expire in minutes.
An Example: Enrolling WEM agents using a Bearer token
When working with WEM enrollment in a connectorless deployment, you can choose to enroll via a method that requires the Bearer Token as per the Citrix Docs
The following command utilized the bearer token to successfully enroll in a WEM agent.
- Citrix.Wem.Agent.EnrollmentUtility.exe enroll –customer “dcint3XXXX” –bearer “add your token here” –url “api.wem.cloud.com
I can see that I have successfully enrolled in WEM using a bearer token and not a Client ID.
There are lots of other ways to create a bearer token, but I find this the easiest and most simple way to do it.
BT for extracting System Logs :