Authenticating to the REST API
The REST API is hosted at this base URL:
https://{addr}/api/v1
The specification is available here.
You can use the REST interface via curl, or from the API Guide embedded in the CipherTrust Data Security Platform Service UI.
To copy and paste the following example commands, set an environment variable to point to your CipherTrust Data Security Platform Service instance:
$ export KSCTL_URL=https://{addr} # sh/bash
$ set -x KSCTL_URL=https://{addr} # fish
API token generation for User Credentials
For example, this command will use the root admin's credentials to create an API token:
$ curl -k -X POST $KSCTL_URL/api/v1/auth/tokens/ \
-H "Content-Type: application/json" \
-d "{\"name\":\"admin\",\"password\":\"admin\"}"
The response:
{
"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkMzEzYzcwZS01NmYyLTQ5MTUtOGJkNy01ZmMyYmUyNzk2YzEiLCJzdWIiOiJsb2NhbHxiM2ZjOGZlNy1hN2ZlLTQ1YzEtOWU1OS0zYmUxNTRkMTZjYmQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsImN1c3QiOnsiZ3JvdXBzIjpbImFkbWluIl19LCJpYXQiOjE0ODExMjQxMzcsImV4cCI6MTQ4MTEyNDQzN30.Z9GU0YyOImHMdPmbZx66vL0NLQfeLvNGkyGkZpVbfx4",
"duration":300
}
Copy the value of the jwt property into another environment variable:
(sh) $ export KSCTL_JWT=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkMzEzYzcwZS01NmYyLTQ5MTUtOGJkNy01ZmMyYmUyNzk2YzEiLCJzdWIiOiJsb2NhbHxiM2ZjOGZlNy1hN2ZlLTQ1YzEtOWU1OS0zYmUxNTRkMTZjYmQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsImN1c3QiOnsiZ3JvdXBzIjpbImFkbWluIl19LCJpYXQiOjE0ODExMjQxMzcsImV4cCI6MTQ4MTEyNDQzN30.Z9GU0YyOImHMdPmbZx66vL0NLQfeLvNGkyGkZpVbfx4
(fish)$ set -x KSCTL_JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkMzEzYzcwZS01NmYyLTQ5MTUtOGJkNy01ZmMyYmUyNzk2YzEiLCJzdWIiOiJsb2NhbHxiM2ZjOGZlNy1hN2ZlLTQ1YzEtOWU1OS0zYmUxNTRkMTZjYmQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsImN1c3QiOnsiZ3JvdXBzIjpbImFkbWluIl19LCJpYXQiOjE0ODExMjQxMzcsImV4cCI6MTQ4MTEyNDQzN30.Z9GU0YyOImHMdPmbZx66vL0NLQfeLvNGkyGkZpVbfx4
Using the jq tool, we can fetch, extract, and export the token in a single shell command:
(sh) $ export KSCTL_JWT=$(curl -k -X POST $KSCTL_URL/api/v1/auth/tokens/ \
-H "Content-Type: application/json" \
-d "{\"name\":\"admin\",\"password\":\"admin\"}" | jq -r '.jwt')
(fish)$ set -x KSCTL_JWT (curl -k -X POST $KSCTL_URL/api/v1/auth/tokens/ \
-H "Content-Type: application/json" \
-d "{\"name\":\"admin\",\"password\":\"admin\"}" | jq -r '.jwt')
We can use that API token to make other calls:
$ curl -k "$KSCTL_URL/api/v1/vault/keys2?limit=20" \
-H "Authorization: Bearer $KSCTL_JWT"