
Authentication (CSRF Token & API Key)

The following code helps automate login, CSRF token handling, and API key management.

Login and check the CSRF Token

Both scripts interact with the REST API of an Aruba EdgeConnect Orchestrator, but they use different libraries to achieve the same result.

  1. The first script uses the pyedgeconnect library to interact with the Orchestrator. It creates an Orchestrator object with the IP address or FQDN of the Orchestrator, logs in with the username and password of an account with API access, retrieves a list of appliances, prints the list, and logs out.

With pyedgeconnect:

```python
from pyedgeconnect import Orchestrator

orch_fqdn = "10.1.30.110"
orch_user = "api-admin"
orch_password = "Don't Share This 1!"

orch = Orchestrator(orch_fqdn, verify_ssl=False)

# login with user/pass
orch.login(orch_user, orch_password)

# Contents of tasks to automate
appliances = orch.get_appliances()

print(appliances)

# Log out of session
orch.logout()
```

  2. The second script uses the requests library to interact with the Orchestrator. It creates a Session object, sends a POST request to log in to the Orchestrator with the provided username and password, retrieves a list of appliances with a GET request, prints the content of the response, and sends a GET request to log out of the session. The request headers include an X-XSRF-TOKEN header whose value is taken from the orchCsrfToken cookie that the Orchestrator sets after login.

In both scripts, verify_ssl=False is used to disable SSL certificate verification for simplicity. We do not recommend this for production environments.

Without pyedgeconnect:

```python
import requests

session = requests.Session()

orch_fqdn = "10.1.30.110"
orch_user = "api-admin"
orch_password = "Don't Share This 1!"
login_type = 0  # 0 for local, 1 for radius, 2 for tacacs
timeout_values = (9.15, 12)
verify_ssl = False
headers = {}

# login with username/password
login_response = session.post(
    f"https://{orch_fqdn}/gms/rest/authentication/login?source=menu_rest_apis_id",
    json={
        "user": orch_user,
        "password": orch_password,
        "token": "",
        "loginType": login_type,
    },
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)

if login_response.status_code == 200:
    # get and set X-XSRF-TOKEN
    for cookie in login_response.cookies:
        if cookie.name == "orchCsrfToken":
            # This relates to the 'Enforce CSRF Check' under the
            # Advanced Security Settings in Orchestrator
            headers["X-XSRF-TOKEN"] = cookie.value

get_appliances = session.get(
    f"https://{orch_fqdn}/gms/rest/appliance?source=menu_rest_apis_id",
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)

print(get_appliances.content)

# Log out of session
session.get(
    f"https://{orch_fqdn}/gms/rest/authentication/logout?source=menu_rest_apis_id",
    verify=verify_ssl,
    timeout=timeout_values,
    headers=headers,
)
```
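
A hardened variant of the requests flow above, added here as an example (not code from the original page or from the pyedgeconnect project): it verifies the Orchestrator certificate, fails closed when login fails or the orchCsrfToken cookie is missing, and logs out even if the automated task raises. The function names, the `require_csrf` switch and the `ORCH_*` environment variable names are assumptions.

```python
import os
from contextlib import contextmanager

TIMEOUT = (9.15, 12)  # (connect, read) seconds, same values as the script above
SOURCE = "?source=menu_rest_apis_id"  # query string used by the page's URLs


def csrf_headers(cookies, require_csrf=True):
    """Copy the orchCsrfToken login cookie into the X-XSRF-TOKEN header."""
    token = next((c.value for c in cookies if c.name == "orchCsrfToken"), None)
    if not token and require_csrf:
        # Assumption: 'Enforce CSRF Check' is on, so a missing token is an error
        raise RuntimeError("login response carried no orchCsrfToken cookie")
    return {"X-XSRF-TOKEN": token} if token else {}


@contextmanager
def orch_session(session, host, user, password, ca_bundle=True,
                 login_type=0, require_csrf=True):
    """Log in, yield a get(path) helper, and log out even if the body raises.

    session is a requests.Session (or compatible); ca_bundle is True for the
    system trust store or the path of the CA file that signed the server cert.
    """
    base = f"https://{host}/gms/rest"
    common = {"verify": ca_bundle, "timeout": TIMEOUT}
    resp = session.post(
        f"{base}/authentication/login{SOURCE}",
        json={"user": user, "password": password, "token": "", "loginType": login_type},
        **common,
    )
    if resp.status_code != 200:
        raise RuntimeError(f"Orchestrator login failed: HTTP {resp.status_code}")
    headers = {}
    try:
        headers = csrf_headers(resp.cookies, require_csrf)
        yield lambda path: session.get(f"{base}/{path}{SOURCE}", headers=headers, **common)
    finally:
        session.get(f"{base}/authentication/logout{SOURCE}", headers=headers, **common)


if __name__ == "__main__":
    import requests  # third-party; imported here so the helpers load without it

    # Hypothetical environment variable names; credentials stay out of the source
    env = os.environ
    with orch_session(requests.Session(), env["ORCH_HOST"], env["ORCH_USER"],
                      env["ORCH_PASSWORD"], env.get("ORCH_CA_BUNDLE", True)) as get:
        print(get("appliance").status_code)
```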

apiKey

This script logs in to your Orchestrator instance and can create an API key, retrieve an API key, and print the API key to the console. You will need to make sure you are using pyedgeconnect.

Login and retrieve and print API Key

```python
from pyedgeconnect import Orchestrator

########## Log into Orchestrator ##########
# can pass api_key="abc123" in the orch string if using API authentication
orch = Orchestrator("172.16.3.20", verify_ssl=False)

# login with user/pass... Comment out if using API authentication above
orch.login("username", "password")
api_key_name = "your_api_keyname"

########## Uncomment below to create new API key ##########
# orch.add_api_key(
#     name=api_key_name,
#     permission="net_read_write",
#     expiration=0,
#     active=True,
#     description="radius tool api key",
# )
# orch.logout()

########## Uncomment below to retrieve specific API key ##########
# retrieve_api_key = orch.get_api_key(api_key_name)
# api_key = retrieve_api_key["key"]
# orch.logout()

########## Print the API key to the console ##########
# print(f"Your API Key is: {api_key}")

## Authors are Zach Camara and Shane Kindt
```