API Key¶
Usage¶
Client MUST set Private-Token HTTP Request header and set it
with proper Key in order to get access to protected API
Example:
curl -s -D - -k -H 'Private-Token: 12345' https://noc_url/datastream-api-referencemanagedobject`
where 12345 is an API token key.
Roles¶
DataStream API¶
Access to DataStream API
| API:Role | Description |
|---|---|
datastream:administrativedomain |
administrativedomain DataStream |
datastream:alarm |
administrativedomain DataStream |
datastream:resourcegroup |
resourcegroup DataStream |
datastream:managedobject |
managedobject DataStream |
datastream:dnszone |
dnszone DataStream access |
datastream:cfgmetrics |
cfgmetrics DataStream access |
datastream:cfgping |
cfgping DataStream access |
datastream:cfgsyslog |
cfgsyslog DataStream access |
datastream:cfgtrap |
cfgtrap DataStream access |
datastream:vrf |
vrf DataStream access |
datastream:prefix |
prefix DataStream access |
datastream:address |
address DataStream access |
NBI API¶
| API:Role | Description |
|---|---|
nbi:config |
NBI config API access |
nbi:configrevisions |
NBI configrevisions API access |
nbi:getmappings |
NBI getmappings API access |
nbi:objectmetrics |
NBI objectmetrics API access |
nbi:objectstatus |
NBI objectstatus API access |
nbi:path |
NBI path API access |
nbi:telemetry |
NBI telemetry API access |
Web interface example¶
You should fill Name and API key as required fields.
Also in API rows should be nbi or datastream. In Role row should be a role from tables above or * (asterisk)
You can fill the ACL section or may leave it empty. Prefix field should be in a IP/net way.
Also there is an opportunity to allow requests to API only from whitelist IPs.
You can find this option in Tower, in nbi/datastream service respectively.
Best Practices¶
- Grant separate API Keys for every connected system
- Grant separate API Keys for every developer, Restrict key lifetime
- Grant separate API Keys for every external tester, Restrict key to short lifetime