Black Duck is a software composition analysis tool for managing risks and security and license compliance of third-paty components (especially open source components) in software applications. Black Duck provides an extensive REST API for interacting with the Black Duck hub and their extensive knowledge base. 

To use the Black Duck API, an API bearer token is required which can only be generated from the a user access token. The process of the API bearer token generation is not very straight forward. This article provides a sample Python code to get an API bearer token from the a user access token.

The user access token is manually generated via the Black Duck web interface (User -> Profile -> Access Tokens). After a user access token is generated, use the code below to generate an API bearer token. Note that API bearer token is timed and therefore expires after the specified amount of time in the response.

import requests
import os

user_access_token = os.environ["BLACK_DUCK_ACCESS_TOKEN"]

headers = {
   "Accept": "application/vnd.blackducksoftware.user-4+json",
   "Authorization": f"token {user_access_token}"

blackduck_instance_base_url = <fill in>

req = requests.post(f"{blackduck_instance_base_url}/api/tokens/authenticate", headers=headers}

if req.ok:
   json_resp = req.json()
   bearer_token = json_resp["bearerToken"]
   token_expiry_date = json_resp["expiresInMilliseconds"]

Make sure to set your Black Duck access token as an environment variable "BLACK_DUCK_ACCESS_TOKEN" and fill in your Black Duck instance base url.