Authentication Service
The Authentication service enables you to manage authentication tokens for running API commands.
The following API commands enable you to manage authentication tokens:
authentication token::create
The authentication token::create command enables you to create an authentication token for the logged-in user.
A successful response returns a token value, as well as several additional token properties.
You specify this token in subsequent API requests.
You must specify a token even in the API request for creation of a new token. Therefore, to create your very first API token, you can choose one of the following methods:
-
Specify a Session token, as described in Session Service or in Authentication Tokens.
-
Create your very first API token through the Control-M user interface, as described in Creating an API Token. After creating an initial token through the UI, you can proceed with all other token management tasks through the API.
As soon as you have an API token, you no longer need to create Session tokens (the only type of token available in previous versions of Control-M Automation API).
CLI Syntax
ctm authentication token::create -f <tokenDefinition.json>
Where <tokenDefinition.json> is the full path and name of a .json payload file that contains token details. Here is an example for the content of this file:
{
"tokenName": "emuser1-token",
"expirationDate":"2020-12-02",
"roles": ["Admin","User"]
}
The following table describes the authentication token::create command parameters.
Parameter |
Description |
---|---|
tokenName |
A unique name for the token |
expirationDate |
A future date when the token will expire, in YYYY-MM-DD format Expiration is based on the UTC timezone. If you do not specify this property, the default is no expiration. |
roles |
A list of roles for which the token grants access The logged-in user must be a member of all specified roles. This parameter is mandatory, that is, you must specify at least one role. |
If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation Input.
REST API Syntax
Example using cURL:
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token" #for a session token
curl -H "$AuthHeader" -H "Content-Type: application/json" -X POST "$endpoint/authentication/token" -d @tokenDefinition.json
For selecting the AuthHeader value ("Authentication: Bearer $token" or "x-api-key: $token"), see Authentication Tokens.
authentication token::update
The authentication token::update command enables you to update an authentication token of the logged-in user.
A successful response returns an updated list of token properties.
CLI Syntax
ctm authentication token::update -f <tokenDefinition.json>
Where <tokenDefinition.json> is the full path and name of a .json payload file that contains token details.
The contents of this file for an update request are the same as for a creation request (authentication token::create). Note the following guidelines for an update action:
-
You can update the expiration date of the token and the roles associated with the token. You cannot modify the name of the token.
-
All parameters must be included in the .json file, even those that you are not updating.
To obtain current values of all parameters, you can use one of the get commands before running an update action.
If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation Input.
REST API Syntax
Example using cURL:
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token" #for a session token
curl -H "$AuthHeader" -H "Content-Type: application/json" -X PUT "$endpoint/authentication/token" -d @tokenDefinition.json
For selecting the AuthHeader value ("Authentication: Bearer $token" or "x-api-key: $token"), see Authentication Tokens.
authentication token::delete
The authentication token::delete command enables you to delete an authentication token of the logged-in user.
CLI Syntax
ctm authentication token::delete <tokenName>
If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation Input.
REST API Syntax
Example using cURL:
tokenName=myToken
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token" #for a session token
curl -H "$AuthHeader" -H "Content-Type: application/json" -X DELETE "$endpoint/authentication/token/$tokenName"
For selecting the AuthHeader value ("Authentication: Bearer $token" or "x-api-key: $token"), see Authentication Tokens.
authentication token::get
The authentication token::get command enables you to retrieve details of an authentication token of the logged-in user.
CLI Syntax
ctm authentication token::get <tokenName>
REST API Syntax
Example using cURL:
tokenName=myToken
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token" #for a session token
curl -H "$AuthHeader" -H "Content-Type: application/json" "$endpoint/authentication/token/$tokenName"
For selecting the AuthHeader value ("Authentication: Bearer $token" or "x-api-key: $token"), see Authentication Tokens.
authentication tokens::get
The authentication tokens::get command enables you to retrieve a list of authentication tokens for the logged-in user, including the details of each token.
CLI Syntax
ctm authentication tokens::get
REST API Syntax
Example using cURL:
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token" #for a session token
curl -H "$AuthHeader" -H "Content-Type: application/json" "$endpoint/authentication/tokens"
For selecting the AuthHeader value ("Authentication: Bearer $token" or "x-api-key: $token"), see Authentication Tokens.