Forum Discussion
sysAdm
Altocumulus
AltocumulusREST API access right
Hi all,
We're running F5 LTM (version 14.1.4.x) and sorry for any newbie question.
We're trying to perform some tasks through REST API to the LTM:
1. Check system status, e.g.
curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"show\", \"utilCmdArgs\":\"-c 'cm failover-status'\"}"
2. Perform failover, e.g.
curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"run\", \"utilCmdArgs\":\"-c 'sys failover standby'\"}"
We don't want to expose admin password in any script, while authentication token seems only valid for 10 hours at most and not suitable to be used in cronjobs. We create user for this specific purpose with user role Resource Administrator who can perform the task through ssh or GUI.
However, both commands can run as that specific user (testuser1) in tmsh interactively, but fail when running through curl with error:
{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/testuser1 resource=/mgmt/tm verb=POST uri:http://localhost:8100/mgmt/tm referrer:192.168.1.8 sender:192.168.1.8","referer":"192.168.1.8","restOperationId":2225072,"kind":":resterrorresponse"}
I'm afraid we've something missed or setting up based on wrong concept...
Would anyone please help?
Thanks and Rgds
/st wong
- Paulius
MVP
sysAdm You do not need to enable remote authentication in order to use REST api. I was just making sure it wasn't enabled because if it was and you were using a local user, the local users are disabled when remote authentication is enabled. The exception to disabled local users with remote authentication is the root and admin user that come default on the F5.
