Forum Discussion
caulfiedd_spurr
Cirrus
Cirrusquestion of limitation and expiration for rest api token
now I cannot login ltm via rest api , i thought the number of token of my account has reach the maximum .here is an error login myhost fail b'{"code":401,"message":"remoteSender:http://localhost:81...
It is not obvious from the error message you provided, however, a usual error message you get from authorization error (e.g., incorrect password) is "message": "Authentication failed." The issue may be a bit deeper than you may think. Try restarting the iControl REST framework daemon by running 'tmsh restart sys service restjavad'. If the issue still persists, I recommend you to file a service ticket to F5 support.
Perhaps you just want to remove the token right after running the API operation?
The script below is using an auth token to patch a sample configuration and afterwards the token will be deleted automatically:
# python script: apitest2.py
# version: 0.2 (2022--05-09)
# author: Stephan Manthey
# purpose:
# retrieve auth token
# modify configuration (enable/disable pool member) with token based auth
# delete auth token
# module requests required (installed via Python PIP):
# su -c 'yum install python-pip'
# su -c 'sudo pip2 install requests'
# su -c 'sudo pip3 install requests'
# or:
# su -c 'yum install python-requests'
# su -c 'yum install python3-requests'
import time
import json
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
username = 'username'
password = 'password'
bigipdev = '10.100.100.81'
poolname = 'pool_apitest'
nodename = '10.10.10.11'
nodeport = 80
authpath = 'https://{}/mgmt/shared/authn/login'.format(bigipdev)
conthead = {'Content-Type': 'application/json'}
authdata = {'username': username, 'password': password, 'loginProviderName': 'tmos'}
memberup = {'state': 'user-up', 'session': 'user-enabled'}
memberdown = {'state': 'user-down', 'session': 'user-disabled'}
session = requests.Session()
authtime = time.time()
tokenrequest = session.post(url=authpath,data=json.dumps(authdata),headers=conthead,verify=False)
print('got my token:','{:f}'.format(time.time() - authtime))
# print('token request:',tokenrequest.status_code)
if tokenrequest.status_code == 200:
tokendata = tokenrequest.json()
xauthhead = {'X-F5-Auth-Token': tokendata['token']['token'], 'Content-Type': 'application/json'}
querypath = 'https://{}/mgmt/tm/ltm/pool/~Common~{}/members/~Common~{}:{}'.format(bigipdev,poolname,nodename,nodeport)
print('patching now:','{:f}'.format(time.time() - authtime))
membermodify = session.patch(url=querypath,data=json.dumps(memberup),headers=xauthhead,verify=False)
print('1st response:','{:f}'.format(time.time() - authtime))
if membermodify.status_code == 200:
memberdata = membermodify.json()
membername = memberdata['name']
# print('member found:',membername)
else:
print('modification error:',membermodify.status_code)
exit()
membermodify = session.patch(url=querypath,data=json.dumps(memberdown),headers=xauthhead,verify=False)
print('2nd response:','{:f}'.format(time.time() - authtime))
if membermodify.status_code == 200:
memberdata = membermodify.json()
membername = memberdata['name']
# print('member found:',membername)
else:
print('modification error:',membermodify.status_code)
exit()
tokendelpath = 'https://{}/mgmt/shared/authz/tokens/{}'.format(bigipdev,tokendata['token']['token'])
tokendelete = session.delete(url=tokendelpath,headers=xauthhead,verify=False)
# print('token delete:', tokendelete.status_code)
if tokendelete.status_code != 200:
print('token delete error')
exit()
else:
print('error: no token provided')
exit()PS: Probably you also want to add some lines to save into the startup configuration