Logging in to a management server
You log in to a management server from the command line by using the apic
login
command. The parameters that you supply determine the identity provider that is used
to authenticated the supplied user ID, and the scope of the tasks that can be performed after
successful log in.
Attention: If you want to log in with an OIDC user registry or if you are an IBM Cloud
Pak for Integration (CP4I) user, see Logging in to a management server with an OIDC registry.
- Clear the credentials from any previous login by running the following
command:
apic client-creds:clear
Clearing the credentials ensures that you do not inadvertently log in with the wrong set of credentials (for example, from a different product release or environment).
- Set the credentials that you want to use now by running the following command:
apic client-creds:set path_to_credentials/credential.json
Wherepath_to_credentials
is the location of the credential.json file that you want to use. For example:apic client-creds:set /Users/local_user/credential.json
- Log in using one of the following methods.
- To log in using a username and password, run the following command:
apic login --server mgmt_endpoint_url --username user_id --password password --realm realm
- To log in using the apikey, run the following command:
apic login --sso --server mgmt_endpoint_url --apiKey apikey --context provider
The parameters for the
apic login
command are as follows:- mgmt_endpoint_url
- The URL depends on the type of organization that you are logging in with:
- Cloud admin organization or Provider organization, use one of the following URLs:
- Platform API endpoint URL (note that if you want to run commands that relate to API governance, you must use the platform API endpoint URL to log in).
- Management API manager URL.
- Consumer organizations, use the consumer API endpoint URL.
- Cloud admin organization or Provider organization, use one of the following URLs:
- user_id
- The user ID you want to log in with. Depending on the tasks that you want to perform, this user
ID might be any of the following:
- password
- The password associated with the supplied user ID.
- realm
- The realm parameter specifies the identity provider that is used to
authenticated the supplied user ID, and the scope of the tasks that can be performed after
successful log in.The format of the realm depends on the type of user, as follows:
- apikey
- The apikey serves as the code to authenticate the user. For more information about creating apikey, see Managing platform REST API keys
You can also use the command interactively; enter
apic login
and you will be
prompted for the values. For example:apic login
Enter your API Connect credentials
Server? platform-api.myserver.com
Realm? provider/default-idp-2
Username? myuser
Password?
Logged into myserver.com successfully
Note: If you see a message stating that credentials cannot be found, download new credentials as
explained in Downloading the toolkit.
How to determine the identity provider
If you want to log in as a member of the cloud
administration organization, or as a member of a provider organization, you can help determine which
identity provider to use in the
--realm
parameter by entering the following command
to see a list of all available identity providers (you do not need to be logged in to use this
command):apic identity-providers:list --scope scope --server mgmt_endpoint_url --fields title,realm
where
scope has the value admin
or provider
depending
on whether you want to log in as a member of the cloud administration organization, or as a member
of a provider organization. The output lists the names and titles of all identity providers, for example:apic identity-providers:list --scope admin --server myserver.com --fields title,realm
total_results: 2
results:
- title: Cloud Manager User Registry
realm: admin/default-idp-1
- title: Corporate LDAP user registry
realm: admin/corporate-ldap
The title
value should enable you to determine which
identity provider to use; you can then copy the corresponding --realm
parameter
directly from the displayed realm
value. For any identity providers that were
created by your administrator after API Connect was installed,
the names will have been determined at creation time. The default Cloud Manager Local User Registry
for login as a member of the cloud administration organization is default-idp-1
,
and the default API Manager Local User Registry for login as a member of a provider organization is
default-idp-2
.By default, API Connect creates a local
user registry for user login for every context. The identity providers associated with these default
registries are as follows:
Registry | Identity provider name |
---|---|
Cloud Manager Local User Registry (for login as a member of the cloud administration organization) | default-idp-1 |
API Manager Local User Registry (for login as a member of a provider organization) | default-idp-2 |
Sandbox Catalog User Registry (for login as a member of a consumer organization) | sandbox-idp |
If you want to log in as a member of a consumer organization, see Logging in as a consumer to the Developer Portal by using the CLI for full details.
Logging out
To log out of a management server, use the following
command:
apic logout --server mgmt_endpoint_url