API Authentication using Qualys Managed Tokens

To ensure easy and seamless API authentication, we have extended the OIDC client management capabilities to our application user interfaces. 

With this utility, you can generate the JWT tokens directly from the Qualys application user interface and use them for API authentication.

Along with Qualys Managed Tokens, you can use the IdP Provider Tokens to access Qualys APIs. Refer to API Authentication using IdP Provider Tokens to learn more.

Benefits of Qualys-managed Tokens

Qualys-managed tokens offers you the following benefits:

  • Manage authentication and authorization processes more intuitively, providing a smoother user experience.
  • Easily handle API access permissions directly from the user interface, simplifying the process of granting and revoking access when needed.
  • Maintain your existing workflows with minimal changes, enabling you to continue your tasks without the need to learn new processes extensively.

Access Control for Qualys-managed Tokens

We have implemented the role based access control for Qualys-managed Tokens. The role-based access control ensures that only users with specific permissions can have access to manage users and authentication tokens.

Manager users can create the following two types of clients based on access requirements:

  • User Level Clients: These are associated directly to individual user accounts, making them ideal for scenarios where user-specific access tracking and control are required. The token generated by user level client becomes invalid if the user is deactivated.
  • Subscription Level Clients: These are independent of user identities and offer broader access within the subscription. It means that the token is tied to the subscription rather than an individual user. The token generated for a subscription level client continues to function even if the user is deactivated.

Permissions for Qualys-managed Tokens

To use this feature from your Qualys Application user interface, you must have the following permissions.

  • API access permissions
  • UI access permissions 

If you do not have these permissions for a Qualys application for which you want to use this utility, an error message is displayed.

Next TopicSet up Qualys Managed Authentication

Related Topic: API Authentication using IdP Provider Tokens | Token-based Authentication Support Matrix

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: April, 2026