Paragon Authentication

To access the Pathfinder API from some environments, your application must use IAM authentication.


The Paragon Identity and Access Management (IAM) service provides authentication and authorization for Pathfinder.

Paragon IAM Authentication API

The Paragon IAM Authentication API is available at the configured Paragon address under "iam/authenticate" (e.g. To access the Pathfinder API, a client can use the Authentication API to retrieve an access token for a given user. To retrieve the token the user must authenticate by passing in account credentials, which will return an id_token, a list of scopes and other metadata. Subsequent requests to the Pathfinder API should add the id_token to the request header under the x-iam-token key.

Get ID Token

Get an id_token and list of scopes for a user

Normal response codes
Request example:
    "user": {
        "domain": "spadmin",
        "name": "admin"
    "password": "<password>",
    "methods": [
Response example:
    "status": "AUTHENTICATED",
    "user_id": "09b56e78-ed53-41d5-ab08-09fec3bfcf9f",
    "id_token": "<...token...>",
    "token": {
        "user_id": "09b56e78-ed53-41d5-ab08-09fec3bfcf9f",
        "user_name": "admin",
        "iat": "1621628806",
        "exp": "1621632406",
        "unique_identifier": "72f07a88-656d-4840-9826-f6cffb7d9364-1621628806"
    "scopes": [
            "id": "43085f38-eff5-4252-aaf2-2f6f3adb375a",
            "name": "default",
            "display_name": "default",
            "type": "SP"
    "access_token": "<...access token...>",
    "identity_provider_type": "Local"