Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
Respected Contributor.. Mark_Egloff Respected Contributor..
Respected Contributor..
387 views

WIE REST API Authentication - Token due date configuration and own user?

I have a few questions regarding the WIE REST API Authentication.

- In order to call REST API endpoints you need to get first an Fortify Token. Is there an option how you can configure how long such a token is valid? Where do I find this settings and how long is such a token valid ?

- How do I pass the fortify token in order to call an API endpoint? do you can provide us an example with CURL or similar?


- Is there an option to have separate WIE user which is only allowed to generate new tokens but can not use the WIE Web GUI or Console?

 

Thank you

Labels (2)
Tags (1)
0 Likes
3 Replies
Micro Focus Contributor
Micro Focus Contributor

Re: WIE REST API Authentication - Token due date configuration and own user?

First question would be whether your WIE is connected to SSC. If yes, you can configure how long a token is valid. Take a look at the following section of the documentation: https://www.microfocus.com/documentation/fortify-software-security-center/1810/SSC_Help_18.10/index.htm#SSC_UG/Gen_Auth_Tokens.htm 

Authentication tokens are defined at runtime in WEB-INF/internal/serviceContext.xml.

To pass a token you can use the following:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' 'https://server/WIE/REST/api/v1/tokens?api_key=token'

You can obtain this information from the Swagger documentation located at <server>/WIE/REST/swagger/

If WIE is standalone then you would use /api/v1/auth as mentioned in the Swagger documentation <server>/WIE/REST/swagger/ui/index#!/Authentication/Authentication_Login

0 Likes
Respected Contributor.. Mark_Egloff Respected Contributor..
Respected Contributor..

Re: WIE REST API Authentication - Token due date configuration and own user?

Thank you, this was very helpful.

do you know which Token Type has to be generated on the SSC so it can be used later on for the WIE REST API?

 

0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: WIE REST API Authentication - Token due date configuration and own user?

Try the UnifiedLoginToken - This token specification provides the capability to access most of the REST API. Intended for short-run automations lasting less than a day.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.