This method requires client key and certificate files, along with the app UUID.
C#
// Create PKCS#12 keystore
$ openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name "my-sdkms-app" -out client-sdkms.p12
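// The command above prompts you to set an export password. Note it down: the C# code below needs it to open the keystore. The resulting .p12 file contains the client private key, so restrict access to it.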
// C# code
using System.Security.Cryptography.X509Certificates;
// Open the PKCS#12 keystore created with `openssl pkcs12 -export`. It bundles the
// client certificate with its private key, so keep the file and its password out
// of source control and supply the password from a protected source at runtime.
var clientCertificate = new X509Certificate2("client-sdkms.p12", <pkcs12-keystore-pass>);

// Point the SDK at the service and identify the app by its UUID.
Configuration.Default.BasePath = "<Endpoint URL>";
Configuration.Default.Username = "<App UUID>";

// Attach the client certificate to the underlying REST client.
var clientCertificates = new X509CertificateCollection { clientCertificate };
Configuration.Default.ApiClient.RestClient.ClientCertificates = clientCertificates;

// Authenticate, then register the returned access token as the
// "Authorization: Bearer ..." credential for later API calls.
var authApi = new AuthenticationApi();
AuthResponse authResult = authApi.Authorize();
Configuration.Default.AddApiKey("Authorization", authResult.AccessToken);
Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");
Go
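// Paths to the PEM-encoded client certificate and its private key.
// Keep the key file readable only by the account that runs this program.
certFile := "client-cert.pem"
keyFile := "client-key.pem"

// Load the key pair that is presented to the server during the TLS handshake.
// certFile and keyFile are plain strings, so they are passed as-is.
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
	panic(err) // replace with the application's own error handling
}

// Trust anchors used to verify the server certificate. A freshly created,
// empty pool trusts no CA, so every handshake would fail verification;
// start from the host's root CAs instead. If the endpoint is signed by a
// private CA, add that CA's PEM with caCertPool.AppendCertsFromPEM.
caCertPool, err := x509.SystemCertPool()
if err != nil {
	panic(err)
}

tlsConfig := &tls.Config{
	Certificates: []tls.Certificate{cert},
	RootCAs:      caCertPool,
}
transport := &http.Transport{TLSClientConfig: tlsConfig}
httpClient := &http.Client{Transport: transport}

ctx := context.Background()
client := sdkms.Client{
	Endpoint: "<Endpoint URL>",
	// httpClient is already a pointer; do not take its address again.
	HTTPClient: httpClient,
}

// The app UUID is passed as the user name and the password is left empty,
// as in the original sample; the client certificate configured above is
// what accompanies the request. Check the error before using the client.
_, err = client.AuthenticateWithUserPass(ctx, "<App UUID>", "")
if err != nil {
	panic(err)
}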
Java
The client certificate and client private key must be supplied in a PKCS#12 keystore.
// Create PKCS#12 keystore
$ openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -name "my-sdkms-app" -out client-sdkms.p12
// Register the PKCS#12 keystore through the standard javax.net.ssl system properties.
// These properties are process-wide: other TLS clients in the same JVM that rely on
// the default settings will pick up the same keystore. Read the keystore password
// from a protected source at runtime instead of embedding it in the program.
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", </path/to/client-sdkms.p12>);
System.setProperty("javax.net.ssl.keyStorePassword", <password of the PKCS#12 archive>);

// Point the SDK client at the service and identify the app by its UUID.
ApiClient sdkmsClient = new ApiClient();
sdkmsClient.setBasePath(<Endpoint URL>);
sdkmsClient.setUsername(<App UUID>);

// Authenticate and obtain the access token.
AuthenticationApi authApi = new AuthenticationApi(sdkmsClient);
AuthResponse authResult = authApi.authorize();

// Install the token as the "Bearer" credential used by subsequent API calls.
ApiKeyAuth bearerAuth = (ApiKeyAuth) sdkmsClient.getAuthentication("bearerToken");
bearerAuth.setApiKey(authResult.getAccessToken());
bearerAuth.setApiKeyPrefix("Bearer");
Python
# Describe the endpoint and the app identity (the app UUID is the user name).
sdkms_config = sdkms.v1.Configuration()
sdkms_config.host = "<Endpoint URL>"
sdkms_config.username = <App UUID>

# PEM files holding the client certificate and its private key.
# Keep the key file readable only by the account that runs this script.
sdkms_config.cert_file = <client-cert.pem>
sdkms_config.key_file = <client-key.pem>

# Build the API client and authenticate.
api_client = sdkms.v1.ApiClient(configuration=sdkms_config)
auth_api = sdkms.v1.AuthenticationApi(api_client=api_client)
auth_response = auth_api.authorize()

# Store the returned access token so it is sent as "Authorization: Bearer <token>".
sdkms_config.api_key['Authorization'] = auth_response.access_token
sdkms_config.api_key_prefix['Authorization'] = 'Bearer'
REST API using curl
$ curl <Endpoint URL>/sys/v1/session/auth -X POST -u <App UUID>: --cert <client-cert.pem> --key <client-key.pem>
> {"token_type":"Bearer","expires_in":600,"access_token":"YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g","entity_id":"7916b324-33a1-4a06-8778-59ec0492bb10"}
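# If curl prompts for a password, just press Enter.
# Use the "access_token" value as the Bearer token in other API requests. The sample response above reports "expires_in":600, so request a new token once it expires. E.g.: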
$ curl <Endpoint URL>/other_apis -H 'Authorization: Bearer YhXwwa- 6C...L9kRxswmPZkEFQ2ig5g ' --cert <client-cert.pem> --key <client-key.pem> ...