User story #3695

closed

User story #3000: Build a REST API to manage all actions in Rudder (CRUD on Nodes, Groups, Directives and Rules)

API Authentication

Added by François ARMAND over 11 years ago. Updated over 9 years ago.

Status:
Released
Priority:
1 (highest)
Category:
API
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

The API is likely to be used by scripts, so we decided to split the authentication for the API from the one used by Rudder users.

Instead, we are going to use a dedicated admin page in Rudder, where we will be able to create new API authentication principals.

A principal is composed of:

- an ID (used, for example, as the actor in event logs)
- a token (a large random alphanumeric secret, used for authentication)
- a description (to explain the intent of that principal, like "the archiving script will use that token")

Principals can be added, which generates a token for them. They can be deleted, too. A token can be regenerated or revoked (the principal is then marked as "can not authenticate").

From an API point of view, authentication is done ONLY with the authentication token (which must be unique among all principals), passed in a header, so that the API call will look like:

curl -H "X-API-Token: the_token" https://rudder/api/...

Authentication token will be stored in some persistent media (likely to be our LDAP server).
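As an added illustration (not Rudder's own code), here is a minimal Python sketch of the principal store and header check that the description outlines. The in-memory dictionary stands in for the LDAP backend, and storing only a hash of the token and re-enabling a principal on regeneration are assumptions, not requirements stated above.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Principal:
    id: str                # actor name used in event logs
    description: str       # intent, e.g. "archiving script"
    token_hash: str = ""   # assumption: only a hash of the token is persisted
    enabled: bool = True   # False once revoked ("can not authenticate")


class ApiPrincipalStore:
    """In-memory stand-in for the persistent store (LDAP in Rudder)."""

    def __init__(self):
        self._principals = {}  # principal id -> Principal

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, principal_id: str, description: str) -> str:
        if principal_id in self._principals:
            raise ValueError("principal id already exists")
        self._principals[principal_id] = Principal(principal_id, description)
        return self.regenerate(principal_id)  # token is returned to the admin once

    def regenerate(self, principal_id: str) -> str:
        p = self._principals[principal_id]
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe alphabet
        p.token_hash = self._hash(token)
        p.enabled = True  # assumption: regenerating re-enables a revoked principal
        return token

    def revoke(self, principal_id: str) -> None:
        self._principals[principal_id].enabled = False

    def delete(self, principal_id: str) -> None:
        del self._principals[principal_id]

    def authenticate(self, headers: dict):
        """Return the principal id for the X-API-Token header, or None."""
        token = headers.get("X-API-Token")
        if not token:
            return None
        presented = self._hash(token)
        for p in self._principals.values():
            # constant-time comparison avoids leaking the hash byte by byte
            if hmac.compare_digest(presented, p.token_hash) and p.enabled:
                return p.id
        return None
```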
