Token-based authentication is required to access the activity service API. You can authenticate requests with user authentication tokens or allowed certificates.
By default, the activity service listens on port 4433. All endpoints are relative to the /activity-api path. So, for example, the full URL for the /v1/events endpoint on localhost is https://localhost:4433/activity-api/v1/events.
Authentication using tokens
Insert a user authentication token variable in an activity service API request.
- Generate a token: puppet-access login
- Use puppet-access show to populate an authentication header, and use that header in your API request.

    auth_header="X-Authentication: $(puppet-access show)"
    uri="https://$(puppet config print server):4433/activity-api/v1/events?service_id=classifier"

    curl --insecure --header "$auth_header" "$uri"

See Usage notes for curl examples for information about forming curl commands.
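The token request above can also be made with the server certificate verified against the Puppet CA file (the one the certificate example on this page passes to --cacert) instead of --insecure, and with the token handed to curl in a config on stdin rather than on the command line. This is an added example, not part of the original page or Puppet's own code; the function names and the input checks, including the characters allowed in service_id, are assumptions.

```shell
#!/bin/sh
# Added example, not Puppet's code. Function names are hypothetical.

# Print a curl config for a token-authenticated events query.
# Args: token, server, CA cert path, service_id.
activity_curl_config() {
    [ "$#" -eq 4 ] || { echo "usage: activity_curl_config TOKEN SERVER CACERT SERVICE_ID" >&2; return 2; }
    # Values are written inside double-quoted config strings, so refuse
    # anything that could end the string or start a new config line.
    for v in "$1" "$2" "$3" "$4"; do
        case $v in
            ''|*[[:cntrl:]]*|*\"*|*\\*)
                echo "refusing empty or unsafe value" >&2; return 1 ;;
        esac
    done
    case $1 in *[[:space:]]*) echo "token contains whitespace" >&2; return 1 ;; esac
    # Assumed shapes: a plain hostname and a simple service name.
    case $2 in *[!A-Za-z0-9.-]*) echo "server is not a plain hostname" >&2; return 1 ;; esac
    case $4 in *[!A-Za-z0-9_-]*) echo "unexpected service_id" >&2; return 1 ;; esac
    printf 'header = "X-Authentication: %s"\n' "$1"
    printf 'cacert = "%s"\n' "$3"
    printf 'url = "https://%s:4433/activity-api/v1/events?service_id=%s"\n' "$2" "$4"
    # Exit non-zero on HTTP errors; stay quiet except for error messages.
    printf 'fail\nsilent\nshow-error\n'
}

# Query events with the stored token. An empty token (for example, no
# prior puppet-access login) is rejected before curl is started.
activity_events() {
    cfg=$(activity_curl_config "$(puppet-access show)" \
        "$(puppet config print server)" \
        "$(puppet config print localcacert)" "${1:-classifier}") || return 1
    # The shell's printf writes the config to curl's stdin, so the token
    # is never an argument of the curl process.
    printf '%s\n' "$cfg" | curl --config -
}
```

After sourcing the file, run activity_events classifier on a host where puppet-access login has already been completed.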
Authenticating using an allowed certificate
You can also authenticate requests using a certificate listed in RBAC's certificate allowlist,
Note that if you edit this file, you must reload the pe-console-services service (run pe-console-services reload) for your changes to take effect.
Attach the certificate using the command line, as demonstrated in the example curl query below.
You must have the allowed certificate name (which must match a name in the file) and the private key to run the script.

    type_header='Content-Type: application/json'
    cert="$(puppet config print hostcert)"
    cacert="$(puppet config print localcacert)"
    key="$(puppet config print hostprivkey)"
    uri="https://$(puppet config print server):4433/activity-api/v1/events?service_id=classifier"

    curl --header "$type_header" --cert "$cert" --cacert "$cacert" --key "$key" "$uri"

You do not need to use an agent certificate for authentication. You can use puppet cert generate to create a new certificate specifically for use with the API.