# Configuring Authentication for the Alemba API

Two built in clients are preconfigured for use with Password authentication. These may need to be configured to use the desired authentication type before first use.

 Open the new Alemba® admin page in your web browser 

 `https://{host-name}/{core-system-name}/Alemba®.Web/alemba/admin`.

1. Log in as an Analyst with the Security Setup General Access role
2. On first use, a login form will be displayed.
3. Alemba® Admin and the API Explorer are configured to prompt for confirmation before login is completed.
4. Click the API Clients link
5. Select the API Client you wish to configure.

<table data-header-hidden><thead><tr><th width="207"></th><th></th></tr></thead><tbody><tr><td>Client Secret</td><td><p>If specified, the calling OAuth Client must provide this value when processing user authentication. </p><p>See How to log in to the API in the API explorer Help.</p><p>This value is akin to a password and should only be used by client code where the client is trusted and is able to keep secrets. </p><p>A JavaScript client is not able to securely store this secret so should not use this value for authentication.</p></td></tr><tr><td>Name</td><td>The API Client must have a name which should be unique. This is only used as a display name.</td></tr><tr><td>Session Type</td><td><p>Possible Values: Any, User, Analyst</p><p>If set to User or Analyst, OAuth clients will only be able to get an access token of the specified type. </p><p>If set to Any, OAuth clients must specify a scope when processing user authentication. (see How to log in to the API)</p></td></tr><tr><td>Enabled</td><td><p>If this is unchecked, authentication for this client will be disabled.</p><p>This can be used to disable 3rd party access to the system</p></td></tr><tr><td>Allowed Redirect Uri</td><td><p>Used in OAuth Authorization Code grant flow. This defaults to the host name first used to initiate the authorization code request. </p><p>This security feature is used to prevent token interception or misuse. It is not possible for a third party application to complete an authorization code grant without first configuring this setting.</p></td></tr><tr><td>Enabled Authentication Types</td><td><p>Password authentication is enabled by default. </p><p></p><p>One or more authentication types can be enabled. When multiple authentication types are enable the login dialog will ask the user to choose between login types which are enabled (and correctly configured).</p><p></p><p>Users may then be able to log in using a Username and Password, or Windows Authentication or Single Sign On (using SAML).</p><p>It is recommended that only one type of authentication be used per API Client at a time.</p><p></p><p>See also <a href="configuring-windows-authentication-for-the-alemba-api"><strong>Configuring Windows Authentication for the Alemba API</strong></a> and <a href="configuring-single-sign-on-using-saml-for-the-alemba-api"><strong>Configuring Single Sign On using SAML</strong> </a><a href="configuring-single-sign-on-using-saml-for-the-alemba-api"><strong>for the Alemba API</strong></a>.</p></td></tr></tbody></table>

{% hint style="info" %}
All configuration changes will take effect immediately. Existing sessions will not be affected by these changes.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.alemba.com/asm-hermes/integrate/apis/alemba-restful-api/authentication/configuring-authentication-for-the-alemba-api.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.