cancel
Showing results for 
Search instead for 
Did you mean: 

iControl Authentication Token time-out for health monitor API Call

Wall-ED
Nimbostratus
Nimbostratus

Hi Guys,

I want to collect health status about F5 virtual servers through an API Proxy or 3rd party tools using the HTTP request below.

it works but only temporarily since the X-F5-Auth-Token expires after a short time. is there a way this token can stay forever? this method isn't at all practical with a temporary token and we shouldn't have the user/pass on 3rd party tools. but if we have to do it another way, can we replace x-f5-auth-token with a low-priv read-only username and password pair? how would the http request look like?

thanks in advance

 

GET https://172.16.45.75/mgmt/tm/ltm/virtual/Splunk-VS/stats HTTP/1.1

X-F5-Auth-Token: JJ3LFIRJALD44GH3SX6QK4TDVE

Host: 172.16.45.75

Connection: close

 

 

2 REPLIES 2

Satoshi_Toyosa1
F5 Employee
F5 Employee

For the iControl REST authentication methods (either Basic Authentication or Token Based Authentication), refer to iControl REST User Guide (PDF document). If you do not want to recreate authentication tokens upon expiration, you may want to consider using the Basic Authentication, which uses the HTTP Authorization header to send the user/password information. The header looks like this:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

The user/password string is represented in Base64. See RFC 2617 for how.

 

An authentication token expires after 1200s (20 min) by default. You can extend it but the maximum you can set is 36000s (10h). Once expired, you need to request another token again. See also "question of limitation and expiration for rest api token".

 

You need to choose an appropriate user role for a read-only user. Manual Chapter: User Roles describes a number of user roles to choose from.

Satoshi_Toyosa1
F5 Employee
F5 Employee

P.S., You can convert your user:password (note: colon in between) using JavaScript: e.g., from your browser's console,

> btoa("foo:bar") // Converting "user/password" < "Zm9vOmJhcg==" > atob("Zm9vOmJhcg==") // Back to the original string < "foo:bar"

For Pythonistas:

>>> import base64 >>> base64.b64encode(b'foo:bar') b'Zm9vOmJhcg==' >>> base64.b64decode(b'Zm9vOmJhcg==') b'foo:bar'