Authenticating to the status API

Token-based authentication is not required to access the status API. You can choose to authenticate requests by using certificates, or you can access the API without authentication via HTTP.

You can authenticate requests using a certificate listed in RBAC's certificate allowlist, located at /etc/puppetlabs/console-services/rbac-certificate-allowlist. The certificate allowlist is a simple, flat file consisting of certnames that match the host, for example:
node1.example
node2.example
node3.example
Note: If you edit the certificate allowlist, you must reload the pe-console-services service (run sudo service pe-console-services reload) for your changes to take effect.

The status API's endpoints can be served over HTTP, which does not require any authentication. This is disabled by default.

Tip: To use HTTP, locate the PE Console node group in the console, and in the puppet_enterprise::profile::console class, set console_services_plaintext_status_enabled to true.