Generating an authentication token with the SQL DI REST API

SQL Data Insights (SQL DI) provides secure REST API services for you to administer server settings and manage connections, AI objects, and object models. All API requests must be authenticated and must come from authorized users. Instead of sending your user ID and password in each API call, you can encrypt and store them in an authentication token in one request and then include the token in subsequent requests for authentication.

Before you begin

SQL DI supports both basic and bearer authentication methods. For enhanced security, use bearer authentication. The following procedure describes how to generate a bearer token through a REST API call.

Procedure

  1. In your REST API client, start a new HTTPS POST request in JSON format.

    See https://<SQLDI-IPAddress>:<SQLDI-PortNumber>/swagger or Db2 SQL Data Insights REST APIs for a full list of SQL DI REST API endpoints, options, descriptions, and examples.

  2. In the request header, set the Accept and Content-Type fields to application/json.
  3. In the request body, include the following user authentication options:
    {
      "username": "yourSQLDIuserID",
      "password": "yourSQLDIpassword",
      "tokenTTL": "2"
    }

    Where:

    • username is the SQL DI user ID of the requester.

      SQL DI uses a login group to identify and authorize users. The default group name is SQLDIGRP. Make sure that the user ID that you specify is defined in your SQL DI login group.

    • password is the password for the user ID.
    • tokenTTL specifies the time-to-live (TTL) value, that is, the expiration time of the authentication token, in hours. A valid value is a positive integer; the default is 1 (hour).

      The tokenTTL option is optional. If you specify the option for a new token, the token is valid for the specified time. In other words, you can use the same token in subsequent requests until it expires.

  4. Send the POST request to the following address:
    POST https://<SQLDI-IPAddress>:<SQLDI-PortNumber>/sqldi/v2/token

    If your request returns a response similar to the following example, your API call is successfully processed:

    Code 200 – Success.

    The response will also include the requested token in a string like the following example:

    eYasdajfjsdlfnsdknfklsldkmflkjskljkdjflksdkfkjsldfsasfasfasfv1dfd

    The new bearer token is valid for 2 hours as specified in the tokenTTL option. In the header of a subsequent API request, include the Authorization parameter:

    Authorization: <type> <credentials>

    Set the type field to bearer and the credentials field to the token that you just generated:

    Authorization: bearer eYasdajfjsdlfnsdknfklsldkmflkjskljkdjflksdkfkjsldfsasfasfasfv1dfd
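
The procedure above as a client script. This is an added example, not code from the SQL DI documentation; the function names and the SQLDI_* environment variables are assumptions. It also assumes the response body is the token string itself, so check the response shape on your server's /swagger page. The password is read at a prompt rather than stored, certificate verification stays on, and the token is never printed.

```python
import json
import ssl
import time
import urllib.request


def build_token_request(host, port, username, password, ttl_hours=1):
    """Build (not send) the POST /sqldi/v2/token request from the procedure."""
    if isinstance(ttl_hours, bool) or not isinstance(ttl_hours, int) or ttl_hours < 1:
        raise ValueError("tokenTTL must be a positive integer number of hours")
    body = {"username": username, "password": password, "tokenTTL": str(ttl_hours)}
    return urllib.request.Request(
        f"https://{host}:{port}/sqldi/v2/token",
        data=json.dumps(body).encode("utf-8"),
        headers={"Accept": "application/json", "Content-Type": "application/json"},
        method="POST",
    )


def fetch_token(request, ttl_hours, cafile=None, now=time.time):
    """Send the request with certificate verification on; return (token, expiry)."""
    context = ssl.create_default_context(cafile=cafile)  # verifies cert and host name
    with urllib.request.urlopen(request, context=context, timeout=30) as resp:
        if resp.status != 200:
            raise RuntimeError(f"token request failed with HTTP {resp.status}")
        # Assumption: the body is the token string itself, possibly JSON-quoted.
        token = resp.read().decode("utf-8").strip().strip('"')
    return token, now() + ttl_hours * 3600


def bearer_headers(token, expires_at, now=time.time, margin_s=60):
    """Headers for a subsequent call; refuses a token that is about to expire."""
    if now() >= expires_at - margin_s:
        raise RuntimeError("token expired or about to expire; request a new one")
    return {"Authorization": f"bearer {token}", "Accept": "application/json"}


if __name__ == "__main__":
    import getpass
    import os
    # Assumed variable names: set SQLDI_HOST, SQLDI_PORT and SQLDI_USER yourself.
    req = build_token_request(os.environ["SQLDI_HOST"], os.environ["SQLDI_PORT"],
                              os.environ["SQLDI_USER"], getpass.getpass("Password: "), 2)
    token, expires_at = fetch_token(req, 2, cafile=os.environ.get("SQLDI_CA"))
    print("token acquired; expires at", time.ctime(expires_at))  # never print the token
```

Pass the CA file for your SQL DI server certificate in SQLDI_CA if it is not in the system trust store, rather than turning verification off.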