Technical Forum
Ask questions. Discover Answers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

REST API authorization in a cronjob, recommendation

Stefan_Klotz
Cumulonimbus
Cumulonimbus

I'd like to run an automatic script via cronjob to trigger REST API calls on a BIG-IQ (the script is located on the BIG-IQ itself).
What possibilities are available in regards to authorization, especially from a security point of view, meaning avoiding placing credentials in the script. Is there maybe an option to use mutual SSL as trust?
Right now doing manual testing I first create a token with basic credentials and then doing the REST-call with this token.
But having an automatic script, there is no posibility to enter the password, means it needs to be placed somewhere.
Any ideas would be very helpful.
Thank you!

Regards Stefan ๐Ÿ™‚

3 REPLIES 3

Better check the security things for Linux curl as there are some ways like netrc files or using environmental variable for user:pass.

 

https://linuxhint.com/curl-username-password/

 

https://www.googlecloudcommunity.com/gc/Cloud-Product-Articles/Do-you-use-curl-Stop-using-u-Please-u...

 

Outside of that make a new user with the correct role to limit what the script can do

 

https://techdocs.f5.com/kb/en-us/products/big-iq-centralized-mgmt/manuals/product/big-iq-centralized...

Stefan_Klotz
Cumulonimbus
Cumulonimbus

Thanks @Nikoolayy1 , sound promising. And from what I read so far this also works automatically with requests-function in python. But can I also put the credentials into variables to use it somewhere else other then in the Basic Authorization header? I'm asking, because the credentials need to be included in the json-body of the token-request and not as part of the Authorization header.

Regards Stefan ๐Ÿ™‚

I have not done it in a json body but there seems to be examples on the Internet like:

 

https://towardsdatascience.com/proper-ways-to-pass-environment-variables-in-json-for-curl-post-f797d...