Highlighted
Micro Focus Expert
Micro Focus Expert
432 views

REST API Monitor and token based authentication

Does somebody exactly know which token based authentication is supported in the REST API Monitor?

For example a bearer token like in UCMDB which is requested via a simple POST XML Body and replayed in subsequent API calls as a Header does not seem to be possible to be configured (?)

Labels (1)
0 Likes
4 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello  ,

 

Within 11.9x the R&D team delivers some important improvements with the REST API monitor and the token-base authentication method.

 

Below you'll find some details of the release notes for SIS 11.91:

https://docs.microfocus.com/itom/SiteScope:2019.11/ReleaseSummary

REST API monitor enhancement

REST API monitor can monitor REST APIs that support token-based authentication. The token is cached in memory till the token expiry time. Once the token expires, the token will have to be fetched from the Token URL. For more information, see REST API Monitor.

 

https://docs.microfocus.com/itom/SiteScope:2019.11/RESTAPIMonitor

 

Miguel Torres
Micro Focus SW Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

[Opinions expressed in my postings are mine alone, and do not reflect the opinions of my employer.No warranties express or implied for any solution/suggestion posted.]
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Thanks,

but my question is regarding the possibilities to request a token (by POST etc).

Caching it (or not) is just a performance improvement….

 

Regards

Roland

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hello 

 

That feature is a new implementation within 11.91 version (2019.11).

 

You'll find additional details in the below link:

https://docs.microfocus.com/itom/SiteScope:2019.11/RESTAPIMonitor

Authentication Settings

  • Select Basic Authentication option to monitor REST API that is authenticated based on user credentials.
  • Select Token Based Authentication to monitor REST API that is authenticated based on token.

 

Authentication Settings
  • Select Basic Authentication option to monitor REST API that is authenticated based on user credentials.
  • Select Token Based Authentication to monitor REST API that is authenticated based on token.
Basic Authentication option
Credentials

Option to use for authorizing credentials if the URL specified requires a name and password for access:

  • Use user name and password. Select this option to manually enter user credentials. Enter the user name and password to access the URL in the User name and Password box.
  • Select predefined credentials. Select this option to have SiteScope automatically supply a predefined user name and password for the URL (default option). Select the credential profile to use from the Credential profile drop-down list, or click Add Credentials and create a new credential profile. For details on how to perform this task, see How to Configure Credential Preferences.
Token Based Authentication option
Token URL Authentication URL to fetch token. Note that it is recommended to use the POST method for fetching the token.
Token Key Name Token key name in the response.

Note: In case of a network issue or time lapse, if the monitor fails, the system will try to run the monitor either by fetching a new token or using the cached token (if the token expiry time has not been met). The number of times the system will retry using the new/cached token is based on the _restAPITokenRetryCount parameter in the master.config file. The default value for the _restAPITokenRetryCount parameter is one.

Token Creation Time Key Name Time the token was created. It is in Epoch time (seconds or milliseconds).

If Token Creation Time Key Name is not specified, the system will automatically take server time on which SiteScope is running.

Note: If Token Creation Time Key Name and Token Expiry Key Name fields are not specified, the token will be fetched from the Token URL for every run.

Token Expiry Key Name Time till when the token is valid. It is in seconds. The token is cached in memory till the token expiry time. Once the token expires, the token will have to be fetched from the Token URL.

Note: If Token Creation Time Key Name and Token Expiry Key Name fields are not specified, the token will be fetched from the Token URL for every run.

Key for Client Secret Key for client secret to fetch the token.
Client Secret Client secret to fetch the token.
Token response type Select any one of the following options depending on the response of Token URL:
  • JSON : Select this option if the response of Token URL is in JSON format
  • XML : Select this option if the response of Token URL is in XML format
Pre-emptive authorization

Option for sending authorization credentials if SiteScope requests the target URL:

 Use global preference. Select this option to have SiteScope use the setting specified in the Pre-emptive authorization section of the General Preferences page.

 Authenticate first request. Select this option to send the user name and password on the first request SiteScope makes for the target URL.

Note: If the URL does not require a user name and password, this option may cause the URL to fail.

 Authenticate if requested. Select this option to send the user name and password on the second request if the server requests a user name and password.

Note: If the URL does not require a user name and password, this option may be used. All options use the User name and Password entered for this monitor instance. If these are not specified for the individual monitor, the Default authentication user name and Default authentication password specified in the Main section of the General Preferences page are used, if they have been specified.

Note: Pre-emptive authorization does not control if the user name and password should be sent, or which user name and password should be sent .

 

 

Regards,

 

Miguel Torres
Micro Focus SW Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

[Opinions expressed in my postings are mine alone, and do not reflect the opinions of my employer.No warranties express or implied for any solution/suggestion posted.]
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Hi Miguel,

I want to monitor the UCMDB REST API and I don't know if SiS is even capable to handle the standard bearer token mechanism:

 

Step 1. Get the access token by a POST Request with the following payload:

{

"username":"sysadmin",

"password":"admin",

"clientContext": 1

}

Step 2. From the response get the <token> header

Step 3. Issue the Webservice Request (GET) to the REST URL with the token as a header for authentication.

 

In the SiS REST monitor I cannot define Step1 (get the token) independently from Step2-3 (monitor the REST API).

 

What do you think?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.