Generating an authorization token or API key

You can also generate the ZenApiKey token by using the following command.

echo "<username>:<api_key>" | base64

Then, you can use the ZenApiKey to authenticate to an endpoint.

curl -H "Authorization: ZenApiKey <token>" "https://<cpd_instance_route>/<endpoint>"

Watson Data APIs and Watson Machine Learning APIs do not support ZenApiKey authorization. You must use your API key to generate a Bearer token by using the authorize endpoint.

Endpoint

/icp4d-api/v1/authorize

Method

POST

Command syntax

Replace <cpd_instance_route>, <username>, and <api_key> with the correct values for your environment.

curl -X POST \
  'https://<cpd_instance_route>/icp4d-api/v1/authorize'\
  -H 'Content-Type: application/json' \
  -d' {
    "username":<username>,
    "api_key":<api_key>
}'

This command returns a response that contains the authorization token.

Sample response

{
    "_messageCode_": "200",
    "message": "Success",
    "token": "<authorization-token>"
}

The authorization token is used in subsequent API calls.

More information

See also Get authorization token in the Cloud Pak for Data Platform API.

If Identity and Access Management (IAM) are not enabled, you can generate a token by using your username and password against the validateAuth endpoint.

Endpoint

/v1/preauth/signin

Method

POST

Command syntax

Replace <cpd_instance_route>, <username>, and <password> with the correct values for your environment.

curl -X POST \
  'https://<cpd_instance_route>/v1/preauth/signin'\
  -H 'Content-Type: application/json' \
  -d' {
    "username":<username>,
    "password":<password>
}'

This command returns a response that contains the authorization token.

Sample response

{
    "_messageCode_": "200",
    "message": "Success",
    "token": "<authorization-token>"
}

The authorization token is used in subsequent API calls.

More information

See also Get authorization token in the Cloud Pak for Data Platform API.

If IAM is enabled, you can generate a token by using your username and password against the /idprovider/v1/auth/identitytoken endpoint. Follow these steps, replacing the <variables> with the correct values for your environment.

1. Get your IAM access token with the following cURL command.

   curl -k -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
   -d "grant_type=password&username=<username>&password=<password>&scope=openid" \
   https://<common-services-route>/idprovider/v1/auth/identitytoken

   Replace the following values.

   • <username> is your username.
   • <password> is your password.
   • <common-services-route> is the route to access IBM Cloud Pak foundational services.

   This command returns an access_token, refresh_token, and id_token. The value that is assigned to access_token is what you need to obtain a platform UI access token in the next step.

2. Get your platform UI access token by running the following cURL command.

   curl -k -X GET 'https://<cpd_instance_route>/v1/preauth/validateAuth' \
   -H 'username: <username>' \
   -H 'iam-token: <access-token>'
   

   Replace the following values.

   • <cpd_instance_route> is the route to the Cloud Pak for Data web client. By default, this URL is https://cpd-<namespace>.apps.<OCP-default-domain>.
   • <username> is your username.
   • <access-token> is the IAM access token that you obtained from the response in the previous step.
   The cURL response can resemble the following sample.

   {
   
   "_messageCode_": "200",
   "message": "Success",
   "token": "<encoded-token-string>"
   }

   In this example, <encoded-token-string> is your platform UI access token.