SEPM OAuth Quick Start


Article ID: 197949


Updated On:


Endpoint Protection


You need to register an application with Symantec Endpoint Protection Manager (SEPM) and acquire the access token and refresh token to set up your application.


Follow these steps to register your application and acquire the necessary tokens. The actual hostname may be used instead of "localhost" (accepting the security risk for the self-signed certificate):

  1. Login to https://localhost:8446/sepm/
  2. If the app is new or was removed, create it, otherwise move on to the next step
  3. Ensure the client ID and client secret are noted, replacing them as indicated in the following URLs
  4. Go to: https://localhost:8446/sepm/oauth/authorize?response_type=code&client_id=<client id>
  5. Copy the code from the URL and save it.
    Note: Make sure you proceed to the site if it gives a cert error, and login. The code will be needed in the following URL along with the client ID and client secret.
  6. Go to: https://localhost:8446/sepm/oauth/token?grant_type=authorization_code&client_id=<client id>&client_secret=<client secret>&code=<code>
  7. This should return a JSON string with the access token and refresh token needed to set up your application.
    Note: If you use Internet Explorer it may try to download the JSON; open it with notepad, or use another browser like Chrome / Edge Chromium / Mozilla Firefox.

For additional OAuth information, please review the Web Services Documentation included in the Tools folder of the product's Full Installation archive. (The archive may be extracted to disk with 7zip, WinRAR or similar.)