IBM Support

Acquiring Access Tokens for APM V8 API calls - An example

Technical Blog Post


Abstract

Acquiring Access Tokens for APM V8 API calls - An example

Body

APM RESTful APIs

IBM Cloud Application Performance Management (APM V8) provides RESTful APIs for accessing Role Based Access Control (RBAC), Resource Group and Threshold Management services. See documentation links in the 'References' section in this post.

Before calling the APM service APIs, an access token is obtained from the OIDC server on the Cloud APM server. This access token is then used to authenticate to the API calls. An example of commands to obtain the access token is included below.

Example: Obtaining Access Token using OIDC protocol

Below is an example of the steps to acquire an access token. The 'apmhost' can be either the ip address or hostname of the APM server.

1. View clientSecrets.xml file:

/opt/ibm/wlp/usr/shared/config/clientSecrets.xml

<server>
<variable name="client.id.apmui" value="rpapmui" />
<variable name="client.secret.apmui" value="{xor}CxsROBNtZgoMGDRoPW9qBxEaEi4NbzsaBxcFMhEy" />
</server>

2. Use XOR decoder, such as: http://strelitzia.net/wasXORdecoder/wasXORdecoder.html
Decode the client.secret.apmui string (exclude the enclosing quotes): "{xor}CxsROBNtZgoMGDRoPW9qBxEaEi4NbzsaBxcFMhEy".

Obtained decoded string: TDNgL29USGk7b05XNEMqR0dEXHZmNm

3. Get access token:
Note that the decoded string from step 2 is used as client_secret parm value in the curl command below.


curl --tlsv1.2 -v -k -d "grant_type=password&client_id=rpapmui&client_secret=TDNgL29USGk7b05XNEMqR0dEXHZmNm&umin&password=apmpass&scope=openid" https://apmhost:8099/oidc/endpoint/OP/token
* About to connect() to apmhost port 8099 (#0)
* Trying apmhost... connected
* Connected to apmhost(apmhost) port 8099 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=localhost,O=IBM,OU=oidc,C=US
* start date: Jul 14 23:29:14 2016 GMT
* expire date: Jul 14 23:29:14 2018 GMT
* common name: localhost
* issuer: CN=localhost,O=IBM,OU=oidc,C=US
> POST /oidc/endpoint/OP/token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: apmhost:8099
> Accept: */*
> Content-Length: 130
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Content-Language: en-US
< Transfer-Encoding: chunked
< Date: Wed, 18 Oct 2017 21:00:14 GMT
<
* Connection #0 to host apmhost left intact
* Closing connection #0
{"access_token":"De7X5r6ygFGugvWLL17VoQ6k0QiMd5JvSECGUk3z","token_type":"Bearer","expires_in":1800,"scope":"openid","refresh_token":"chP9YZmieKkMKgJlj43vnIBIf8Zi2UYXcbOh51kk4ZyUtYhdQi"}


4. Access token received in step 3: De7X5r6ygFGugvWLL17VoQ6k0QiMd5JvSECGUk3z

5. Use access token in curl command.
Following curl command calls RBAC API (--url https://apmhost:9443/1.0/authzn/users) to get list of users. Access token is provided through Authorization: Bearer parm.

# curl --tlsv1.2 -v -k -H "Authorization: Bearer De7X5r6ygFGugvWLL17VoQ6k0QiMd5JvSECGUk3z" --request GET --url https://apmhost:9443/1.0/authzn/users --header 'accept: application/json' --header 'content-type: application/json' --header 'x-ibm-service-location: na'
* About to connect() to apmhost port 9443 (#0)
* Trying apmhost... connected
* Connected to apmhost (apmhost) port 9443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=liberty,O=IBM,C=US
* start date: Apr 21 18:09:20 2016 GMT
* expire date: Apr 21 18:09:20 2019 GMT
* common name: liberty
* issuer: CN=liberty,O=IBM,C=US
> GET /1.0/authzn/users HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: apmhost:9443
> Authorization: Bearer De7X5r6ygFGugvWLL17VoQ6k0QiMd5JvSECGUk3z
> accept: application/json
> content-type: application/json
> x-ibm-service-location: na
>
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0
< Content-Type: application/json
< Content-Length: 1953
< Set-Cookie: WAS_p139861935=Ew3SUaiE2SZbW5lmKoz13Fdnb7p28n+N7pk5gw0L7Z/DD3jmyjCpAemqAiybjZEU7fKZXPinWbwW6+CZZDXIOKKKef5ZETXwBFeRB4vVUHvLI4dTVjPkvUDS2B7DIgxQd5djx2rkwgRxyyLbGf1IKV//fApAKHAAXqx3FjCW/r+Q6A4YSfoSB2nuCvfdm6Wyd/j1O0rOWJkuuN1HELLd+xH1XBtjG/N31+TMJulwbOAq6ccurmI3y438Gs6SQoq4HN0u2ui39NB3nrIYpYRi5O6tbA7ABb4/4VzZ88hoqTX9AzwxPl3yZwAUavWxZ1/4; Path=/; Secure; HttpOnly
< Date: Wed, 18 Oct 2017 21:09:14 GMT
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Cache-Control: no-cache="set-cookie, set-cookie2"
<
[{"id":"user:customRealm\/apmadmin","label":"apmadmin","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fapmadmin","type":"user"},{"id":"user:customRealm\/kirk","label":"kirk","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fkirk","type":"user"},{"id":"user:customRealm\/susan","label":"susan","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fsusan","type":"user"},{"id":"user:customRealm\/derek","label":"derek","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fderek","type":"user"},{"id":"user:customRealm\/ray","label":"ray","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fray","type":"user"},{"id":"user:customRealm\/tracy","label":"tracy","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Ftracy","type":"user"},{"id":"user:customRealm\/gary","label":"gary","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm*
Connection #0 to host apmhost left intact
* Closing connection #0
%252Fgary","type":"user"},{"id":"user:customRealm\/harriet","label":"harriet","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fharriet","type":"user"},{"id":"user:customRealm\/john","label":"john","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fjohn","type":"user"},{"id":"user:customRealm\/noel","label":"noel","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fnoel","type":"user"},{"id":"user:customRealm\/jeanette","label":"jeanette","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fjeanette","type":"user"},{"id":"user:customRealm\/bruce","label":"bruce","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fbruce","type":"user"},{"id":"user:customRealm\/glenn","label":"glenn","href":"https:\/\/apmhost:9443\/1.0\/authzn\/users\/user%3AcustomRealm%252Fglenn","type":"user"}]

References

IBM Cloud Application Performance Management

Accessing and using the Role Based Access Control Service API

https://www.ibm.com/support/knowledgecenter/SSHLNR_8.1.4/com.ibm.pm.doc/install/admin_rbac_api.htm

Using the Resource Group Management Service API (Not available in V8.1.3)

https://www.ibm.com/support/knowledgecenter/SSHLNR_8.1.4/com.ibm.pm.doc/install/admin_resourcegroup_api.htm

Using the Threshold Management Service API

https://www.ibm.com/support/knowledgecenter/SSHLNR_8.1.4/com.ibm.pm.doc/install/admin_thresholds_api.htm

 

Tutorials   Po  int

 

Subscribe and follow us for all the latest information directly on your social feeds:

 

 

image

  image

 

image

 

 

Check out all our other posts and updates:

Academy Blogs:https://goo.gl/U7cYYY
Academy Videos:https://goo.gl/T LfMoF
Academy Google+:https://goo.gl/HnTs0w
Academy Twitter :https://goo.gl/AhR8CL

 

 

 

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

UID

ibm11082865