Перейти к содержанию

API Key

Usage

Client MUST set Private-Token HTTP Request header and set it with proper Key in order to get access to protected API

Example:

curl  -s -D - -k -H 'Private-Token: 12345'  https://noc_url/datastream-api-referencemanagedobject`

where 12345 is an API token key.

Roles

DataStream API

Access to DataStream API

API:RoleDescription
datastream:administrativedomainadministrativedomain DataStream
datastream:alarmadministrativedomain DataStream
datastream:resourcegroupresourcegroup DataStream
datastream:managedobjectmanagedobject DataStream
datastream:dnszonednszone DataStream access
datastream:cfgmetricscfgmetrics DataStream access
datastream:cfgpingcfgping DataStream access
datastream:cfgsyslogcfgsyslog DataStream access
datastream:cfgtrapcfgtrap DataStream access
datastream:vrfvrf DataStream access
datastream:prefixprefix DataStream access
datastream:addressaddress DataStream access

NBI API

API:RoleDescription
nbi:configNBI config API access
nbi:configrevisionsNBI configrevisions API access
nbi:getmappingsNBI getmappings API access
nbi:objectmetricsNBI objectmetrics API access
nbi:objectstatusNBI objectstatus API access
nbi:pathNBI path API access
nbi:telemetryNBI telemetry API access

Web interface example

You should fill Name and API key as required fields. Also in API rows should be nbi or datastream. In Role row should be a role from tables above or * (asterisk)

Edit API

You can fill the ACL section or may leave it empty. Prefix field should be in a IP/net way.

Edit API ACL

Also there is an opportunity to allow requests to API only from whitelist IPs. You can find this option in Tower, in nbi/datastream service respectively.

Best Practices

  • Grant separate API Keys for every connected system
  • Grant separate API Keys for every developer, Restrict key lifetime
  • Grant separate API Keys for every external tester, Restrict key to short lifetime