Observium / OBS-3121

Allow API token based auth mechanism for API requests


Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • Professional Edition
    • API

    Description

      Relying on the webUI's auth mechanism for API auth is painful, particularly so when using LDAP or RADIUS external modules, which can cause long delays/timeouts with auth, impacting software integrations against Observium. It also means that some kind of service account needs to be defined in the external authentication store, which opens a can of worms in terms of compliance and security policy with respect to password expiration and enforced changes over time.

       

      Attached .sql defines a new table for the SQL schema, 'api_tokens'. API tokens are intended to be tied to a MySQL-defined user in order to perform RBAC based on user levels in the API, if implemented.

       

      Attached .diff adds code to support 'api_token' as an auth mechanism for requests beginning with the URI '/api/'

       

      Authentication for webUI is not impacted.

       

      Default for API auth mechanism inherits from top level auth mechanism to avoid impacting existing API auth methods by users.
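
The mechanism described in this ticket, as an added sketch; it is not the attached .sql/.diff and not Observium code. The table columns, the `api_auth_mechanism` and `auth_mechanism` config keys, the sample user and the `/api/v0/devices` path are assumptions, and SQLite stands in for MySQL so the example runs offline.

```python
import hashlib
import secrets
import sqlite3

# Hypothetical schema: the ticket's attached .sql is not shown on the page.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, level INTEGER);
CREATE TABLE api_tokens (
    token_hash TEXT PRIMARY KEY,            -- SHA-256 digest, never the raw token
    user_id    INTEGER NOT NULL REFERENCES users(user_id),
    enabled    INTEGER NOT NULL DEFAULT 1   -- allows revocation without deletion
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(db, user_id):
    # A 256-bit random token is unguessable, so a fast hash is enough at rest.
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO api_tokens (token_hash, user_id) VALUES (?, ?)",
               (_digest(token), user_id))
    return token  # shown to the operator once; only the digest is stored

def select_mechanism(config, uri):
    # Only /api/ requests consult the API setting; it inherits the top-level
    # mechanism when unset, so existing API users see no change.
    if uri.startswith("/api/"):
        return config.get("api_auth_mechanism") or config["auth_mechanism"]
    return config["auth_mechanism"]

def authenticate_api_token(db, presented):
    """Return (username, level) for a valid, enabled token, else None."""
    if not presented:
        return None
    # Lookup is by digest, so the raw token is never compared inside the DB.
    return db.execute(
        "SELECT u.username, u.level FROM api_tokens t "
        "JOIN users u ON u.user_id = t.user_id "
        "WHERE t.token_hash = ? AND t.enabled = 1",
        (_digest(presented),),
    ).fetchone()
```

The returned level is what an API handler would check for RBAC; the external LDAP or RADIUS store is never contacted on this path.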


          People

            adama Adam Armstrong
            colin.stubbs Colin Stubbs
            Votes: 2
            Watchers: 2
