Generating an authorization token for the admin user to authenticate to API endpoints

Who needs to complete this task?

A default platform administrator, either cpadmin or admin, can complete this task. You must have Red Hat® OpenShift® Container Platform access to complete this task. If you don't have access, work with your instance administrator.

Before you begin

You must generate a bearer token before you can use these tasks. For information about generating a bearer token, see Generating a bearer token.

About this task

Tokens and API keys are subject to authorization checks. Invocation of API endpoints depends on the role and permissions that you are granted on the platform and in services.

Procedure

Use one of the following methods to generate an authorization token to authenticate to API endpoints.

Getting an authorization token when the Identity Management Service is enabled.
Getting an authorization token when the Identity Management Service is disabled.

Getting an authorization token when the Identity Management Service is enabled

The Identity Management Service is enabled by default.

When Identity Management Service is enabled, you can generate a token by using your username and password against the /idprovider/v1/auth/identitytoken endpoint. Follow these steps, replacing the <variables> with the correct values for your environment.

Get your platform UI access token by running the following cURL command.
```
curl -k -X GET \
    "https://<platform_instance_route>/v1/preauth/validateAuth" \
    -H "username: <username>" \
    -H "password: <password>"
```
Replace the following values.
- <platform_instance_route> is the route to the IBM Cloud Pak for Data web client. By default, this URL is https://cpd-<namespace>.apps.<OCP-default-domain>.
- <username> is your username.
- <password> .
The cURL response can resemble the following sample.
```
{
    "_messageCode_": "200",
    "message": "Success",
    "accessToken": "<authorization-token>"
}
```

Getting an authorization token when the Identity Management Service is disabled

If LDAP is enabled, you can generate a token by using your username and password against the validateAuth endpoint.

Endpoint

/v1/preauth/signin

Method

POST

Command syntax

Replace <platform_instance_route>, <username>, and <password> with the correct values for your environment.

curl -X POST \
  'https://<platform_instance_route>/v1/preauth/signin'\
  -H 'Content-Type: application/json' \
  -d' {
    "username":<username>,
    "password":<password>
}'

This command returns a response that contains the authorization token.

Sample response

{
    "_messageCode_": "200",
    "message": "Success",
    "accessToken": "<authorization-token>"
}

The authorization token is used in subsequent API calls.

More information

See also Get authorization token in the IBM® Software Hub Platform API.

What to do next

Use the authentication token in the authorization header of subsequent API calls.

curl -H "Authorization: Bearer <token>" "https://<platform_instance_route>/<endpoint>"