Forming activity service API requests

Sections

Token-based authentication is required to access the activity service API. You can authenticate requests with user authentication tokens or whitelisted certificates.

By default, the activity service listens on port 4433. All endpoints are relative to the /activity-api/ path. So, for example, the full URL for the /v1/events endpoint on localhost is https://localhost:4433/activity-api/v1/events.

Authentication using tokens

Insert a user authentication token variable in an activity service API request.

  1. Generate a token: puppet-access login
  2. Use puppet-access show to populate an authentication header, and use that header in your API request.
Bash
puppet-access login

auth_header="X-Authentication: $(puppet-access show)"
uri="https://$(puppet config print server):4433/activity-api/v1/events?service_id=classifier"

curl --insecure --header "$auth_header" "$uri"

Authentication using whitelisted certificate

You can also authenticate requests using a certificate listed in RBAC's certificate whitelist, located at /etc/puppetlabs/console-services/rbac-certificate-whitelist. Note that if you edit this file, you must reload the pe-console-services service (run sudo service pe-console-services reload) for your changes to take effect.

Attach the certificate using the command line, as demonstrated in the example curl query below. You must have the whitelisted certificate name (which must match a name in the /etc/puppetlabs/console-services/rbac-certificate-whitelist file) and the private key to run the script.

Bash
type_header='Content-Type: application/json'
cert="$(puppet config print hostcert)"
cacert="$(puppet config print localcacert)"
key="$(puppet config print hostprivkey)"
uri="https://$(puppet config print server):4433/activity-api/v1/events?service_id=classifier"

curl --header "$type_header" --cert "$cert" --cacert "$cacert" --key "$key" "$uri"

You do not need to use an agent certificate for authentication. You can use puppet cert generate to create a new certificate specifically for use with the API.

How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.