Token-based Authentication
This feature verifies the identity of a user for accessing the GigaVUE-FM REST APIs by generating tokens.
GigaVUE‑FM allows you to generate a token only if you are an authenticated user and based on your privileges in accessing the GigaVUE‑FM. You can copy the generated tokens from the GUI, which can be used to access the REST APIs. Token inherits the RBAC privilege (read or write) of the user groups assigned to a particular user.
GigaVUE-FM enables the generation of multiple tokens and associates them with the corresponding user groups. If you have GigaVUE‑FM Security Management privileges with write access, you can revoke other users' tokens but not view the created tokens.
This section explains about the following:
Create, Copy Token
GigaVUE‑FM allows you to create a token or multiple tokens if required.
To create a token, follow these steps:
| 1. | Go to  , select Authentication > GigaVUE‑FM User Management. |
| 2. | In the User Management page that appears, click Tokens. |
Note: If you are a user with write access, then you can view a drop- down list under Tokens. Select Current User Tokens to create a token.
| 3. | Click New Token. |
| 4. | Enter a name for the new token in the Name field. |
| 5. | Enter the days until the token is valid in the Expiry field. |
| 6. | Select the user group for which you are privileged to access the GigaVUE‑FM from the User Group drop-down list. |
| 7. | Click OK to generate a new token. |
The generated token appears on the Tokens page. You can copy and use the generated token to authenticate the GigaVUE-FM REST APIs. You can also revoke the token if required.
| 8. | Select the token that you want to copy, click the Actions button drop-down list, and select Copy Token. The token is copied. You can paste in the required areas. |
Note: You cannot view the generated token. You can only copy and paste the generated token.
Revoke Token
Select the token that you want to revoke, click the Actions button drop-down list, and select Revoke to revoke a token.
Manage Tokens
You can only revoke tokens created by other users if you have write access in GigaVUE‑FM Security Management. To revoke tokens, follow these steps:
| 1. | Go to , select Authentication > GigaVUE‑FM User Management. |
| 2. | In the User Management page that appears, click Tokens. |
| 3. | Select Token Management from the drop-down list. You can view the token created by other users. |
| 4. | Select the token that you want to revoke, click the Action button, and then click Revoke. |
Export Token
GigaVUE-FM allows you to export selected or all the tokens in CSV and XLSX format.
| To export a token, select the token, click the Export Selected drop-down list box, and then select the CSV or XLSX format as per requirement. |
| To export all the tokens, select the token, click the Export All drop-down list box, and then select the CSV or XLSX format as per requirement. |
Using Token to access GigaVUE‑FM REST API
The following example shows how to access GigaVUE-FM REST APIs using tokens:
Example
import getpass
import requests # https://requests.readthedocs.io/en/latest/user/install/#install
FM_SERVER = '<FM_IP>'
GET_URL = f'https://{FM_SERVER}/api/v1.3/fabricResource'
try:
fm_token = getpass.getpass(prompt=f'Enter FM API token for FM server {FM_SERVER}: ')
except (KeyboardInterrupt, EOFError):
print(''); exit(2)
with requests.Session() as fm_session:
fm_session.headers.update({'Authorization': f'Bearer {fm_token}'})
fm_session.verify = True
#
response = fm_session.get(GET_URL, timeout=(5, 20)
print(f'status_code = {response.status_code}')
print(f'response = {str(response.text)}')
Rules and Notes
| Authentication using a token is an additional mechanism to access GigaVUE-FM REST APIs, and it does not replace the existing GigaVUE-FM authentication mechanism. |
| Only authenticated users can create tokens. |
| The token expires or becomes invalid under the following circumstances: |
| • | Based on the configured value for expiry. The default value is 30 days, and the maximum value is 105 days. |
| • | When a related user group that exists as part of the token is deleted, the corresponding token is deleted. |
| • | When there is a password change for the user(local), the corresponding token is deleted. |
| • | When there is a change in the authentication type, all the tokens are deleted. |
| During the back up and restoration of the GigaVUE‑FM, previously generated tokens will not be available. |
| In FMHA role changeover, master GigaVUE‑FM tokens are active. |
| For basic authentication, activities such as creating, revoking, and reviewing of Token APIs are restricted. |
| For expired or invalid tokens, you will see the error code 401 on GigaVUE‑FM REST API access. |
