Authenticating to the status API

This release was removed from general availability due to upgrade issues.
Docs for the latest available release are here.
This version is out of date. For current versions, see Puppet Enterprise support lifecycle.

Token-based authentication is not required to access the status API. You can choose to authenticate requests by using allowed certificates, or can access the API without authentication via HTTP.

You can authenticate requests using a certificate listed in RBAC's certificate allowlist, located at /etc/puppetlabs/console-services/rbac-certificate-allowlist. The certificate allowlist is a simple, flat file consisting of certnames that match the host, for example:
Note: If you edit the certificate allowlist, you must reload the pe-console-services service (run sudo service pe-console-services reload) for your changes to take effect.

The status API's endpoints can be served over HTTP, which does not require any authentication. This is disabled by default.

Tip: To use HTTP, locate the PE Console node group in the console, and in the puppet_enterprise::profile::console class, set console_services_plaintext_status_enabled to true.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.