# Creating and Managing API Client in Sophos console

## 1. Introduction

A valid ClientId, Client Secret and tenant URL is required in order to access Sopho's API

## 2. Prerequisites

- Access to the Sophos Central Dashboard
- Super Admin privileges


## 3. Generate API Token

### Step 1: Access the Sophos Central Dashboard

- Log in to your Sophos Central Dashboard instance with Super Admin privileges.


### Step 2: Click on the Settings icon in the top right corner

### Step 3: Click API Credentials Management

### Step 4: Click on the Add Credentials button

- Give the credential a name, description and select the desired access: Service Principal Super Admin
https://docs.sophos.com/central/Customer/help/en-us/ManageYourProducts/GlobalSettings/APICredentials/index.html
- Save the ClientId & Client Secret


## 4.  Configure the Integration

**URL**
This is the Base URL for where both authentication and queries will be performed. Please determine the correct URL by performing a WhoAmI query using a Curl call:


```bash
curl --location 'https://id.sophos.com/api/v2/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=token'
```

This curl call will return the right `dataRegion` URL.
That value is the value we need to configure for URL here.

**ClientId**
This is the Client Id gathered in step

**ClientSecret**
This is the Client Secret gathered in step 5