REST API access right
Hi all,
We're running F5 LTM (version 14.1.4.x) and sorry for any newbie question.
We're trying to perform some tasks through REST API to the LTM:
1. Check system status, e.g.
curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"show\", \"utilCmdArgs\":\"-c 'cm failover-status'\"}"
2. Perform failover, e.g.
curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"run\", \"utilCmdArgs\":\"-c 'sys failover standby'\"}"
We don't want to expose admin password in any script, while authentication token seems only valid for 10 hours at most and not suitable to be used in cronjobs. We create user for this specific purpose with user role Resource Administrator who can perform the task through ssh or GUI.
However, both commands can run as that specific user (testuser1) in tmsh interactively, but fail when running through curl with error:
{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/testuser1 resource=/mgmt/tm verb=POST uri:http://localhost:8100/mgmt/tm referrer:192.168.1.8 sender:192.168.1.8","referer":"192.168.1.8","restOperationId":2225072,"kind":":resterrorresponse"}
I'm afraid we've something missed or setting up based on wrong concept...
Would anyone please help?
Thanks and Rgds
/st wong