The Flexera One ITAM API now supports service accounts, enabling you to authenticate to the ITAM APIs using non-human, role-based identities. This enhancement improves security, facilitates automation, and supports scalable, maintainable API integrations. Service accounts can be managed through the Flexera One IAM API, which allows you to create, view, update, and delete them.
NOTE: The domain for any endpoints used must match the region where your org is hosted. For North America (NAM), use .com; for Europe, the Middle East, and Africa (EMEA), use .eu; for Asia Pacific (APAC), use .au
- Use a user account with an Admin role to generate an access token.
-
Create a Service Account via the API.
curl -X POST -s -i https://api.flexera.com/iam/v1/orgs/$ORG_ID/service-accounts \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $USER_TOKEN" \ -d '{"name": "service account name", "description": "Reads data from Flexera One APIs"}'NOTE: Replace $ORG_ID with your Organization ID.
- Find the created service account and get its ID.
curl -s https://api.flexera.com/iam/v1/orgs/$ORG_ID/service-accounts/2263 \ -H "Authorization: Bearer $USER_TOKEN" | jqExample:
-
Assign role(s) to the service account. The service account should be granted the least possible permissions to accomplish its tasks. For Flexera One ITAM, you want to grant the service account the 'fnms_admin' role.
To check available roles:curl -s https://api.flexera.com/iam/v1/orgs/$ORG_ID/roles \ -H "Authorization: Bearer $USER_TOKEN" | jq
Example: -
Assign the 'fnms_admin' role to your service account.
curl -s https://api.flexera.com/iam/v1/orgs/$ORG_ID/access-rules/grant -X PUT -i \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $USER_TOKEN" \ -d '{ "role": { "name": "fnms_admin" }, "scope": { "ref":"ref:nam:::iam:org:$ORG_ID" }, "subject": { "ref": "ref:nam:$ORG_ID::iam:service-account:$SERVICE_ACCOUNT_ID" } }'Example (body):
NOTE: Replace $ORG_ID with your Organization ID and $SERVICE_ACCOUNT_ID with the Service Account ID you have created.
-
Use the Identity and Access Management API to create a service account client. The client contains the service account's credentials.
curl -s https://api.flexera.com/iam/v1/orgs/$ORG_ID/service-accounts/$SERVICE_ACCOUNT_ID/clients \ -H "Authorization: Bearer $USER_TOKEN" -X POSTExample:
IMPORTANT: The clientId and clientSecret must be stored securely, as they are sensitive. Anyone with access to these credentials will have access to your organization.
- Obtain a bearer token using service account credentials.
curl -s -i -X POST https://login.flexera.com/oidc/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=client_credentials&client_id=<client Id>&client_secret=<client secret>"Example (body):
- In Flexera One, navigate to IT Asset Account, search for the service account, and open it to trigger a sync. Optionally, assign an ITAM role.
You can now use the Service Account to call any Flexera One ITAM API.
Are you sure you want to cancel the case creation?
Are you sure you want to close this case
| Products | Region | Phone Numbers |
|---|---|---|
| FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield |
North America * |
+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America) |
| Europe * |
+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe) |
|
| Japan * | +81 3-4540-5335 (select option 2) | |
| Australia * |
+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia) |
|
|
Usage Intelligence (formerly
Revulytics) Compliance Intelligence |
Please use the Case Portal to submit your support ticket or reach out to your Revenera contact. | |
Case id: 00001065
Activity: Status change: 2 hours ago