Generate an OAuth Token Using Your Key

When you sign up for an account, you download your key contained in a file called einstein_platform.pem. You can quickly get a token using the token page and uploading your key.

In code, however, you must programmatically get an OAuth token using your key. You do this by generating an assertion and then passing that to the API to get an access token. That access token can then be used to make API calls.

  1. Open the einstein_platform.pem file and read in the key contents.

  2. Create the JWT payload. The payload is JSON that contains:

  • sub—Your Einstein Platform Services username. You can find your username in the welcome email you receive after you get an account. If you signed up using Salesforce, your username is the email address associated with the org you signed up with.

  • aud—The API endpoint URL for generating a token.

  • exp—The expiration time in Unix time. This value is the current Unix time in seconds plus the number of seconds you want the token to be valid. For testing purposes, you can get the Unix time at

The JWT payload looks like this JSON.

  1. Sign the JWT payload with your RSA private key to generate an assertion. The private key is contained in the einstein_platform.pem file you downloaded when you signed up for an account. The code to generate the assertion varies depending on your programming language. If you're doing manual testing, you can generate an assertion using

  2. Call the API and pass in the assertion. You pass in all the necessary data in the -d parameter. Replace <ASSERTION_STRING> with the assertion you generated. This cURL command shows the call.

The response looks similar to this JSON.

  1. Use the access token to make an API call. For example, this cURL command to get a dataset.

Use the access token to make any authenticated API calls as long as the token is valid (it's not expired). When the access token expires, you repeat this process to generate a new one.