Skip to main content

Get started

Authentication

To use the CI/CD Manager API, you need to authenticate with an access token:

  • For user-service interactions, copy your user access token directly from Cloud Console.
  • For service-to-service interactions, use your client credentials to get a token with specific scopes.

    If you don't have an OKTA client, submit a ticket in Guidewire Community.

User access token

To authenticate with a user access token, you must be in the {tenant}.dev.{project}.all.gcc.ciconfigmanagers user group.

note

An access token expires after 60 minutes.

You can get an access token directly from Cloud Console:

  1. Log in to Cloud Console.

  2. Select your profile.

  3. Select Copy access token.

    This action copies an access token to your clipboard.

    Copy an access token in Cloud Console.


Access token with supported scopes

The CI/CD Manager API supports the following scopes:

ScopeDescription
cicd.insurerconfig.readGet a CI/CD configuration for an application.
cicd.insurerconfig.writeUpdate a CI/CD configuration for an application.
cicd.metadata.readList all the applications for a star system.
cicd.schedules.readGet a schedule configuration. List all the schedules for an application. List all the schedules for a star system.
cicd.schedules.writeCreate, update, and delete a schedule for an application.
cicd.postdeploymenttests.readGet the definition of a post-deployment test. List all the post-deployment tests for a star system.
cicd.postdeploymenttests.writeCreate, update, and delete a post-deployment test.
cicd.qualitygates.readGet the definition of a quality gate. List all the quality gates for a stage. List all the verifications for an artifact.
cicd.qualitygates.writeCreate, update, and delete quality gates and verifications.

To get an access token with scopes, you must authenticate with Guidewire Hub using your client ID and client secret.

Send the following POST request:

curl -s --location --request POST $GWHUB_URL \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "scope=tenant.{tenantId} project.{projectId} $SCOPES" \
--data-urlencode "client_id=$GWHUB_CLIENT_ID" \
--data-urlencode "client_secret=$GWHUB_CLIENT_SECRET" | jq -r '.access_token'

Where:

  • $GWHUB_URL depends on your region. Use one of the following:

    RegionURL
    AMERhttps://guidewire-hub.okta.com/oauth2/aus11vix3uKEpIfSI357/v1/token
    CANADAhttps://guidewire-hub.okta.com/oauth2/aus11vix3uKEpIfSI357/v1/token
    EMEAhttps://guidewire-hub-eu.okta.com/oauth2/ausc2q01c40dNZII0416/v1/token
    APAChttps://guidewire-hub-apac.okta.com/oauth2/ausbg05gfcTZQ7bpH3l6/v1/token
    JAPANhttps://guidewire-hub-apac.okta.com/oauth2/ausbg05gfcTZQ7bpH3l6/v1/token
  • $SCOPES is a list with at least one supported scope, separated by white spaces.

    Example: cicd.insurerconfig.read cicd.postdeploymenttests.write.

The response contains a JSON object with the requested access token:

Example response
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "xxxxxxxx",
"scope": "scope=cicd.insurerconfig.read tenant.{tenantId} project.{projectId}"
}

Make an authorized call

To authorize the API requests, add the obtained access token to an Authorization header:

Authorization: Bearer {access_token}

For example:

curl -s --location --request GET "$CICD_MANAGER_URL" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN"

Base URLs

Depending on your region, use one of the following base URLs:

RegionURL
AMERhttps://cicd-manager-service.api.orange.guidewire.net
CANADAhttps://cicd-manager-service.api.omega2-butterfly.guidewire.net/
EMEAhttps://cicd-manager-service.api.omega2-cartwheel.guidewire.net
APAChttps://cicd-manager-service.api.omega2-circinus.guidewire.net
JAPANhttps://cicd-manager-service.api.omega2-milkyway.guidewire.net/

When the documentation refers to {baseUrl}, replace it with the correct URL for your region.