Authentication and Authorization¶
Authorization to invoke BIG-IP Declarative Onboarding includes authorization to GET declarations stored in BIG-IP Declarative Onboarding.
BIG-IP Declarative Onboarding does not require its own credentials, however you must have administrator credentials for the BIG-IP that is running BIG-IP Declarative Onboarding.
Because BIG-IP Declarative Onboarding is an iControl LX extension, you can authenticate by including one of the following header values in your HTTP requests.
Basic Auth¶
To use Basic authentication, add a new request header: Authorization: Basic {Base64encoded value of username:password}
.
(If using a RESTful API client like Postman, in the Authorization tab, type the user name and password for a BIG-IP user account with Administrator permissions, which automatically adds the encoded header.)
Token Auth¶
To use Token Authentication, add a new request header: X-F5-Auth-Token: {tokenValue}
If you need to create a new token, use the following syntax:
POST /mgmt/shared/authn/login
Host: {{bigip_host}}
Authorization: Basic {Base64encoded value of username:password}
Content-Type: application/json
{
"username":"{userWithCorrectPerms}",
"password":"{userPassword}",
"loginProviderName":"tmos"
}
By default, the token has an expiration time of 1200 seconds. To extend this time, use the following syntax:
PATCH /mgmt/shared/authz/tokens/{{bigip_auth_token}}
Host: {{bigip_host}}
Content-Type: application/json
X-F5-Auth-Token: {{bigip_auth_token}}
{
"timeout":"36000" //this is the maximum
}