Jenkins API Crumb 403 - rest

I am using Curl to make requests to the Jenkins API - which is being done over https.
Jenkins is set up in IIS using a reverse proxy as advised by Jenkins.
The Jenkins site has Windows authentication.
I need to pass a Crumb with my request - 403 error.
However, when I request the Crumb, it states that I need to provide a Crumb?
I need this to work via the command prompt/batch file.
Thanks

To be able to do API calls to Jenkins, you need to generate a token for a given user in Jenkins. For example, let's do it with user Foo. You'll need to sign in with Foo user and then in the web UI: Foo (right upper corner) > Configure > API token > Add new token.
When you have your token saved somewhere, you can retrieve the breadcrumb with this command:
curl --user Foo:<token> 'https://www.mysuperduperjenkins.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
What this is doing basically is fetching the XML from Jenkins that contains the breadcrumb and getting the specific element where the breadcrumb is. The result of the command should be something similar to:
Jenkins-Crumb:<someLongLongLongToken>
You can save the breadcrumb into a variable, for example name it breadcrumb and then:
curl -u 'Foo:<token>' -X POST --data '<parameters>' -H "$breadcrumb" https://www.mysuperduperjenkins.com
In this curl we're using the breadcrumb as a header, obtained in the previous step. If the crumb is valid you should be able to perform the request without 403/401 errors.

Related

getting "project not found" when trying to do SonarQube curl GET request

I've just started using the SonarQube Web API in my SonarQube instance. I generated a user token per the api documentation.
To test out using the API I tried doing a simple GET request using curl in PowerShell like this:
curl -u [user token] http://[SonarQube instance IP address]/api/project_branches/list?project=UserAdmin
All I get is this response: {"errors":[{"msg":"Project \u0027UserAdmin\u0027 not found"}]}
I've tried doing the curl request and passing the project parameter like this -d 'project=UserAdmin' and I get the same error response.
I'm not sure what I'm doing wrong.
I solved the issue. When the API endpoint calls for the project name it's the project key not the display name.
To get the project key, go to your SonarQube instance -> Administration -> Projects. The key will be listed next to the project name.

Azure Devops REST API - Using PAT - return redirect Object moved

I'm having problems authenticating to the Azure DevOps API using console applications.
After calling the Get Projects API on Azure DevOps I get a redirect... to the login page
curl -u :${B64_PAT} "https://dev.azure.com/xxxxxxxxxxxx/_apis/projects?api-version=6.0"
Return:
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://spsprodsbr1.vssps.visualstudio.com/_signin?rea
I need to call this API from a "Java Server Application", but I'm having a problem with this return to the login page. But I would like to follow the Device Authentication flow.
I can reproduce your issue on my side. To solve the issue, please pass your PAT directly to the command without base64 encoding.
curl -u :<PAT> "https://dev.azure.com/xxxxxxxxxxxx/_apis/projects?api-version=6.0"

How do I curl against a git.io URL generated from a private repo?

I have a script that I'd like to be able to access via a curl command against its https://raw.githubusercontent.com/... location. Using git.io, it's really easy to shorten this URL to something like https://git.io/ABCDE.
But there's an issue related to the fact that my script exists in a private repository. If I directly curl against the githubusercontent URL, I get 404: Not Found. I'm able to bypass this by passing an authorization header with the request, e.g.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://raw.githubusercontent.com/...
> !#/bin/bash
... # rest of script
However, when I use my shortened URL, I don't get anything back. Not even a 404.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://git.io/ABCDE
$
Anyone know what's going on here?
The way a URL shortener works is that it issues some sort of 3xx-series HTTP status code that redirects you to the new location, and then you make your request against that new location. However, by default, curl does not follow redirects, so all you see when you make your request is the output from git.io, which in this case is nothing.
If you want to follow redirects, then you should use the -L option to curl, which will make it follow redirects. Note that this can be insecure in many cases when passing credentials, since any credentials passed with -H will be passed to any remote server that the data is redirected to. In this case, that's what you want, but it can be a security problem in other cases if the credentials were only intended for the original server.
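As an added example (not part of the original answer): instead of letting -L carry the header along the redirect chain, resolve the short link without credentials and attach the token only if the target host is one it was meant for. The allowlisted host, the function names and the GITHUB_TOKEN variable are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example. ALLOWED_HOSTS, GITHUB_TOKEN and the function names are assumptions.
ALLOWED_HOSTS="raw.githubusercontent.com"   # hosts the token is intended for

# Print the lowercase host of a plain https URL. Fails closed on anything
# unusual: other schemes, userinfo ("user@host"), backslashes, whitespace.
url_host() {
  local rest
  printf '%s' "$1" | tr '\n' ' ' |
    grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]+)?(/[^[:space:]\\]*)?$' || return 1
  rest="${1#https://}"
  rest="${rest%%/*}"     # drop the path
  rest="${rest%%:*}"     # drop the port
  printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Succeed only if the URL's host is exactly one of ALLOWED_HOSTS.
token_allowed_for() {
  local host h
  host="$(url_host "$1")" || return 1
  for h in $ALLOWED_HOSTS; do
    [ "$host" = "$h" ] && return 0
  done
  return 1
}

# fetch_private SHORT_URL: look up where the short link points without any
# credentials, then send the token to that target only if it is allowlisted.
fetch_private() {
  local target
  # %{redirect_url} is the absolute URL curl would follow next (empty if none).
  target="$(curl -sS -o /dev/null -w '%{redirect_url}' "$1")" || return 1
  [ -n "$target" ] || target="$1"
  if ! token_allowed_for "$target"; then
    echo "refusing to send token to: $target" >&2
    return 1
  fi
  # No -L: the token is never forwarded to a further redirect target.
  curl -sS --fail -H "Authorization: token ${GITHUB_TOKEN:?set GITHUB_TOKEN}" "$target"
}
```

With GITHUB_TOKEN exported, `fetch_private https://git.io/ABCDE` prints the script only when the short link resolves to an allowlisted host.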

Azure KeyVault Get Secret API responds with 404 or 401 error

I am trying to get a secret out of Azure Key Vault. It is a very simple Restful API call. For example for all key, it is as simple as this:
GET {vaultBaseUrl}/secrets?api-version=7.0
where vaultBaseUrl is provided in Azure Console as Vault DNS name.
I am using console mode for testing
https://learn.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets#code-try-0
But the return value is always 404.
When I try curl in the Azure console, it gives 401 - Unauthorized.
However I can use the command line to get the secret out.
Is there any secret to making the restful call and curl work to get the secret out? All these situations use the same credentials.
A side question is that on the Microsoft API testing page there is a 'Request Preview' section with a green Run button, almost as if it is inviting you to run the API, but the link is to learn.microsoft.com and the copy button on the box is disabled. I have never seen so many problems in one place, so I am thinking maybe I don't understand something here.
The doc seems not to be correct. If you want to get the secret, you could use the Client credentials flow to get the access token and use it to get the secret.
Follow the steps as below.
1. Register an app in the Azure Active Directory, see this link. Get the application id and key, see this link. Add the service principal in the Access policies in your key vault with the correct secret permission (just search for the name of your AD app, then add it).
2. In Postman, send a request to the URL
POST https://login.microsoftonline.com/{your tenant id}/oauth2/token?api-version=1.0
Request body and complete sample (client_id and client_secret are the application id and key in step 1):
3. Copy the access_token in step 2, then use it as an Authorization token to call the API:
GET https://yourkeyvault.vault.azure.net/secrets?api-version=7.0
Besides, if you want to use curl to get the secret, try the one below. The TOKEN is the same as the access_token in step 2 above.
curl -X GET -H "Authorization: Bearer [TOKEN]" "https://yourkeyvault.vault.azure.net/secrets?api-version=7.0"
For more details about getting access_token via curl and complete steps, you could refer to this link. Don't forget to change the resource to https://vault.azure.net in the Request the Access Token step.
Pass a Bearer token. There will be a URL to generate a token; pass it for authentication and then you will not get the error.

Where do I find the REST urls and json structs corresponding to each vmc command?

I am trying to use Cloud Foundry REST calls to create an app, bind a service etc. instead of using vmc or the Eclipse plugin. I know we can use vcap-java-client for this but I also wanted to test calling the REST services directly, such as by using the curl utility. Where do I find the REST urls and json structs corresponding to each vmc command?
The best way for you to see the actual REST calls to the Cloud Controller is to execute the vmc commands and add the -t. So for example:
vmc apps -t
So this vmc command will show you a list of your apps and so what you get out of the additional -t is a more verbose information which shows the Cloud Controller service you are calling. In this case it would be /apps
The same command on the bottom will give you the exact output you would get from the above vmc command:
curl -H "Authorization: <Your-Oauth-token>" https://api.cloudfoundry.com/apps
The Authorization token can also be found in the -t generated output. You need to copy the entire Authorization "bearer"
Sudipta,
When you login and run vmc apps -t, you should see the following output:
Getting applications. >>>
REQUEST: GET /apps
REQUEST_HEADERS:
accept : application/json
user-agent : Ruby
authorization : bearer <token>
content-length : 0
The authorization in REQUEST_HEADERS is what you would need to use.