[rt-users] API key support for RT REST API

Craig Ringer craig at 2ndquadrant.com
Mon Jul 15 02:03:06 EDT 2013


On 07/13/2013 02:53 PM, Darren Spruell wrote:
> Hi,
> 
> Haven't found anything in searching for references, but I was wondering
> if RT currently has support for user authentication in the REST API
> using API keys/tokens. If not, is this something that has been discussed
> for future support?
> 
> We maintain an RT setup where we authenticate via a corporate LDAP (via
> ExternalAuth) and users authenticate to RT using their corp credentials.
> We'd like to do some utility scripting against the API and would be far
> more comfortable using a key/token that is useful only for the purposes
> of interfacing with RT. This would prevent unintentional unsafe handling
> of some users' credentials that might want to hardcode them in
> scripts/tools. Also an API key can somewhat simplify the process of
> interacting over sessions of multiple requests, replacing auth exchange
> and cookie stashing with a more stateless mechanism.

ExternalAuth falls back to RT's internal database, so you can add a
user/password used only for scripting and remote control purposes to the
internal user database.

If you want to masquerade as a given user for automation purposes that
won't work so well, though.

-- 
 Craig Ringer                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services



More information about the rt-users mailing list