Authentication for RESTful API
To use the RESTful API, you run GET, POST, PUT, or DELETE API calls. You can use various programs to run REST API calls; in these examples, we use curl. Regardless of which tool you use to run the calls, you must first authenticate.
Try it outaction within a POST, PUT, or DELETE API call in a the REST interface within a browser, any previously authenticated tokens that you have are overwritten. For example, if you had the interface open in another tab, it is no longer authenticated. Additionally, the request might be denied by the security guard due to missing or invalid tokens. This happens when your current session is already logged into the interface. Clear your cache and try again.
Authenticating with a user name and password
Admin
with the default
password
Admin
):curl --header 'Accept: application/json' --user Admin:Admin --cacert /opt/ibm/spectrumcomputing/wlp/usr/shared/resources/security/cacert.pem --tlsv1.2
-X GET https://myresthost.example.com:8543/platform/rest/ego/v1/hosts
This example uses the default self-signed CA certificate for the --cacert option (the default certificate file is located at $EGO_TOP/wlp/usr/shared/resources/security/cacert.pem (for Linux®) and Installation_top\wlp\usr\shared\resources\security\cacert.pem Windows). For your production cluster, use a properly chained certificate that is signed by a trusted CA.
Alternatively, use the -k option (instead of the --cacert option) to specify an insecure connection.
Credential-based authentication with cookies
- Generate the cookie file using the -c cookie_file
option. For example, if you are using curl, specify your user name and password (such as
Admin
for both), and the cookie file to be generated (for example, /tmp/cookie):curl -X GET --cacert /opt/ibm/spectrumcomputing/wlp/usr/shared/resources/security/cacert.pem --tlsv1.2 -c /tmp/cookie --header 'Accept: application/json' 'https://myresthost.example.com:8543/platform/rest/ego/v1/auth/logon' --user Admin:Admin
This example uses the default self-signed CA certificate for the --cacert option (the default certificate file is located at $EGO_TOP/wlp/usr/shared/resources/security/cacert.pem (for Linux) and Installation_top\wlp\usr\shared\resources\security\cacert.pem (for Windows). For your production cluster, use a properly chained certificate that is signed by a trusted CA.
- Specify reuse of the generated cookie file using the -b
cookie_file option in your API call. In this example, the API call is a
GET call:
curl -X GET --cacert /opt/ibm/spectrumcomputing/wlp/usr/shared/resources/security/cacert.pem --tlsv1.2 -b /tmp/cookie --header 'Accept: application/json' 'https://myresthost.example.com:8543/platform/rest/ego/v1/hosts
Alternatively, use the -k option (instead of the --cacert option) to specify an insecure connection.
Following successful login, this command returns a token in an alphanumeric string format (such as 915ee7644f431e630dac68b9ab3e40bc). Add this token as a request parameter in all subsequent API calls.