Accessing APIs

About this task

To use any IBM Cloud Pak for AIOps API, you must first authenticate your credentials by including an access token in your API calls. This token is required because a password-based authentication approach is not supported for API calls with IBM Cloud Pak for AIOps, for instance, you cannot call an LDAP server to directly authenticate passwords.

The token that is generated is scoped to your user profile and the permissions that you are assigned when the access token is generated. With your access token, you can use API to access everything that you would typically be able to access when you log in to the IBM Cloud Pak for AIOps console.

To get a Platform UI access token, first you must have either an Identity and Access Management (IAM) access token or an API key that is authenticated by your user credentials. Then, you can use the IAM access token or API key to obtain your Platform UI access token. This Platform UI access token must be included in the authorization header of your calls to IBM Cloud Pak for AIOps API.

Before you create your token, run the following commands as per your deployment:

1. Set the variable for project (namespace). Example is shown in the following command:

   NAMESPACE=cp4aiops
   

2. If you have an existing installation of Cloud Pak for AIOps on Linux, run the following command:

   ROUTE=$(oc get ingress zen-ingress -n $NAMESPACE -o jsonpath='{.spec.rules[0].host}')
   

3. If you have an existing installation of Cloud Pak for AIOps on OpenShift Container Platform, run the following command:

   ROUTE=$(oc get route cpd -n $NAMESPACE --no-headers | awk '{print $2}')
   

   Note: To call the API end points, you need to use the $ROUTE variable in multiple API end points. You can use the echo $ROUTE command to view the value for the route variable.

To create your token, complete either of the following procedures based on your preferred method:

• Get access token by using your API key
• Get access token by using your username and password
• Get authentication by using Platform UI API Key

Important: You can directly access the Swagger UI for only the Topology API and Metric API.

• For more information about accessing Metric service Swagger UI, see Accessing Metric service Swagger UI.

• For more information about accessing topology service Swagger UI, see Accessing Topology service Swagger UI.

Get access token by using your API key

1. Generate your platform API key:

   1. Log in to the IBM Cloud Pak for AIOps console to authenticate your user credentials.

      For more information, such as for how to obtain the URL route for accessing the Cloud Pak for AIOps console, see Accessing the Cloud Pak for AIOps console.

   2. From the toolbar, click your avatar.

   3. Click Profile and settings.

   4. Click API key > Generate new key.

   5. Click Generate.

   6. Click Copy and save your key somewhere safe. You cannot recover this key if you lose it.

   If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the platform until you provide your new API key. For more information, see Generating API keys for authentication.

2. Get your Platform UI access token by running the following cURL command:

   curl -k -X POST \
     https://$ROUTE/icp4d-api/v1/authorize \
     -H 'Content-Type: application/json' \
     -d '{
       "username": "<username>",
       "api_key": "<API_key>"
     }'
   

   • ROUTE - The IBM Cloud Pak platform (cpd) route hostname.
   • <username> - Your username.
   • <API_key> - The API key that you generated in the previous step.

   The API response can resemble the following sample:

   {
       "_messageCode_": "200",
       "message": "Success",
       "token": "<encoded-token-string>"
   }
   

   • <encoded-token-string> - Your Platform UI access token.

Get access token by using your username and password

1. Get your Identity and Access Management (IAM) access token with the following cURL command:

   curl -k -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
   -d "grant_type=password&username=<username>&password=<password>&scope=openid" \
   https://<cluster_address>/idprovider/v1/auth/identitytoken
   

   Where:

   • <username> - Your username.
   • <password> - Your password.
   • <cluster_address> - The IBM Cloud Pak for AIOps console route. For more information about how to get this Cloud Pak for AIOps console route, see Accessing the Cloud Pak for AIOps console.

   The command returns an access_token, refresh_token, and id_token, as shown in the following example:

   {"access_token": "eb837eaf32459b711945a9d2259880119056e805ff0d2f36421cc171f94e58fef349f0005d217e36889b62271d9f00fc7cb5b1fe5a86546d9dee8e22bca39b8f90d6cb61dae7fc383447823a09e380feeefba5bea0c994408470a49db0df32ddc2b0cca9381519e60a63daae9b87ebfe9400b0c4af818b7f7d6c32e21465909efc8aa02804808f23ff96ac342b3b1c35230ac8858dbcb7979995d7044c7b9cb05945c91b63a938703641e0fded339fb4c22e2383743a94a30c41892804193744e0c0f020909f9579555bf691b240fafb558f76877fe0cb88ecbb3266fedbc7c541129270f67784d11ed658998b536841e0fdfc50a9ad056d2cabf717cb13326e4f620a6ce172d8da4701b820c5ffe23223e7fb5725b244a1dd45538a0c7ca09a643759aaa2d8585a28689cae968ab3328351e3c38a8b199040067ca5837169ce62a88282d1c8551d762fbdff77727cb51dd62213cef58dfb88e304abbc48063246b7e9f39650a0ac86f6c72973b702b79faf34b68afb9412c9e0e56b104e12bf1ea3764faeac258fe1c3e896da412607a71ad8b4224efcfa0eafbc15f5e7af5b8baa41163c220419c7249e9652ca7b5692b42cbe4c7d88c18d77440ec350582f51880e7354eed76ebd8ce760b27a6ca5808c6fc51ef843ee5d98e5bbafaeb4096301853fa5fdc876275defd3ecabd0eb656c7cd2441e523e0c5468a1f261fb44",
   "token_type":"Bearer","expires_in":43199,"scope":"openid"
   "refresh_token":"6q4griAg9yCiGINQvF0Dp7N9hqXhcXZrAsqWWYgl6XQ80Uexsq",
   "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiYWRmZDc4MmEwOTc1ZTNmMzc2ZTkxZTI3YjJkNTYxZmQ0OTNiNTQzMSIsInJlYWxtTmFtZSI6ImN1c3RvbVJlYWxtIiwidW5pcXVlU2VjdXJpdHlOYW1lIjoiYWRtaW4iLCJpc3MiOiJodHRwczovL215Y2x1c3Rlci5pY3A6OTQ0My9vaWRjL2VuZHBvaW50L09QIiwiYXVkIjoiMGQzYzA3MTc5OTYxYmEzMWEyODY5NDU0NDQwM2E0NDYiLCJleHAiOjE1NTQ5MTQ2NTIsImlhdCI6MTU1NDg4NTg1Miwic3ViIjoiYWRtaW4iLCJ0ZWFtUm9sZU1hcHBpbmdzIjpbXX0.CnT0qWECpJR9R16W-IOqrXjSJR8DelRsDUXcX6hy_I0DPQ7hU55Bhcq6UChEg3qiWWRbKwrFIxikXPjEjw2B9oziEd8U8AEO-4LEaXOpc5Lk1shvyxBQFDDgyUwgyGb-erRbO_Sl1K4xotuTLg4nhoydwTXs7lZn7GC4UW8j1qkhlbFe5iLgKidCZsjyPo-2GNYEQn0ufHH3KCR4DkHi6GX2RUxisNecwDzNl9P5JSyjlS-r5QUZJ0b0DytKuY5HxpswpIFaO9U8JlYAFoOZ18eO_CzERHRQ_Ii1ePmagGAk-eLJjmCNqY1zynfpEUuKlWUR5rVGHGzSbGA8J4CLvg"}
   

   From this example, the following content is the access token that is needed for obtaining a platform UI access token:

   "access_token":
   "eb837eaf32459b711945a9d2259880119056e805ff0d2f36421cc171f94e58fef349f0005d217e36889b62271d9f00fc7cb5b1fe5a86546d9dee8e22bca39b8f90d6cb61dae7fc383447823a09e380feeefba5bea0c994408470a49db0df32ddc2b0cca9381519e60a63daae9b87ebfe9400b0c4af818b7f7d6c32e21465909efc8aa02804808f23ff96ac342b3b1c35230ac8858dbcb7979995d7044c7b9cb05945c91b63a938703641e0fded339fb4c22e2383743a94a30c41892804193744e0c0f020909f9579555bf691b240fafb558f76877fe0cb88ecbb3266fedbc7c541129270f67784d11ed658998b536841e0fdfc50a9ad056d2cabf717cb13326e4f620a6ce172d8da4701b820c5ffe23223e7fb5725b244a1dd45538a0c7ca09a643759aaa2d8585a28689cae968ab3328351e3c38a8b199040067ca5837169ce62a88282d1c8551d762fbdff77727cb51dd62213cef58dfb88e304abbc48063246b7e9f39650a0ac86f6c72973b702b79faf34b68afb9412c9e0e56b104e12bf1ea3764faeac258fe1c3e896da412607a71ad8b4224efcfa0eafbc15f5e7af5b8baa41163c220419c7249e9652ca7b5692b42cbe4c7d88c18d77440ec350582f51880e7354eed76ebd8ce760b27a6ca5808c6fc51ef843ee5d98e5bbafaeb4096301853fa5fdc876275defd3ecabd0eb656c7cd2441e523e0c5468a1f261fb44"
   

2. Get your Platform UI access token by running the following cURL command:

   curl -k X GET 'https://$ROUTE/v1/preauth/validateAuth' \
   -H 'username: admin' \
   -H 'iam-token: <iam-token>'
   

   • ROUTE - The IBM Cloud Pak platform (cpd) route hostname.
   • <username> - Your username.
   • <iam-token> - The IAM access token that you obtained from the response in the previous step.

   The API response can resemble the following sample:

   {
       "_messageCode_": "200",
       "message": "Success",
       "token": "<encoded-token-string>"
   }
   

   • <encoded-token-string> - Your Platform UI access token.

Get authentication by using Platform UI API Key

1. Generate your platform API (Zen) key:

   1. Log in to the IBM Cloud Pak for AIOps console to authenticate your user credentials.

      For more information, such as for how to obtain the URL route for accessing the Cloud Pak for AIOps console, see Accessing the Cloud Pak for AIOps console.

   2. From the toolbar, click your avatar.

   3. Click Profile and settings.

   4. Click API key > Generate new key.

   5. Click Generate.

   6. Click Copy and save your key somewhere safe. You cannot recover this key if you lose it.

   If you lose your API key, repeat the preceding steps to generate a new API key. Your old API key becomes invalid, and any applications or scripts cannot authenticate to the platform until you provide your new API key. For more information, see Generating API keys for authentication.

2. Generate a base64 format of your Platform UI API Key:

   ZENAPIKEY=$(echo "<username>:<API_key>" | base64 -w 0)
   

   • <username> - Your username.
   • <API_key> - The API key that you generated in the previous step.

3. The output is an encoded value. See the following example.

   YWRtaW46MUFKblRIYngxNFJUVnBoR0FTdW0wcDJEOFl6UXFyVllmU2tmeW5qYgo=
   

   This encoded (base64 format) Platform UI API Key is used as the value for <ZenApiKey>.

4. Construct your Authorization header with the Platform UI API Key.

   --header "Authorization: ZenApiKey <ZenApiKey>"
   

   • <ZenApiKey> - The Platform UI API key that you get in the previous step.

5. Run the following cURL command:

   curl "https://<Endpoint URL>" --header 'Content-Type: application/json' --header "Authorization: ZenApiKey <ZenApiKey>" --header 'X-TenantID: cfd95b7e-3bc7-4006-a4a8-a73a79c71255' --insecure
   

   • <Endpoint URL> - The Endpoint URL as specified on the API page of the service that you want to use, for example, you can find the Endpoint URL for metrics here.

Next steps

Access IBM Cloud Pak for AIOps API with your Platform UI authentication token or API keys. Include the Platform UI access token in the authorization header of your API calls.

For more information on the available API and related Swagger documentation, see APIs.