Generating an API key for programmatic access

Use the Roles page to generate an API key that gives you programmatic access to the TrueSight Capacity Optimization functionalities. You can use this key to authenticate the user to connect to the TrueSight Capacity Optimization console when activating the custom ETL package using the ETL Development Kit (EDK) or to call the public APIs.

This option is available only when you apply Service Pack 1 (11.5.01) of TrueSight Capacity Optimization 11.5.

To generate the API key

  1. Log in to the TrueSight Capacity Optimization console.
  2. Select Administration > Users > Roles.
    The Roles page shows a summary table listing the currently defined user roles, their description, and the associated Remedy SSO (local or integrated LDAP) groups as external names, if applicable.
  3. Click the role name for which you want to generate the API key. 
    The detail page for the selected role is displayed in the working area, listing all activities assigned to the role.
    To use the API key in the EDK, you need to generate the key using the role that has the CUSTOM_ETL_DEPLOYMENT activity assigned. To use the key to call the public APIs, generate the key using the role that has activities related to public APIs, for example, Enable read access to Chargeback API.

  4. Click Generate API key.
  5. On the Generate API key page, set the expiration date for the API key that is being generated. The expiration date is the date when the API key will no longer be useful for authentication. The default expiration date is one month from the date of the API key generation. You can also choose to not set the expiration date.
  6. Click Generate. The credentials are encrypted and downloaded as the credentials.key file.

Contents of the credentials.key file

The credentials.key file contains the following:

  • COConsoleURL: The URL of the TrueSight Capacity Optimization console from where you generated the API key.
  • Authorization: The authorization key. The token includes the role ID that generated the key, activities assigned to the role at the time of creation, and the expiration date of the key. After the key is generated, if there are any changes to the activities assigned to the role that generated the key, those changes will not be reflected in the already generated key. You can use this authorization key to make authenticated calls to any API. For more information, see Accessing the public APIs.

Example of the credentials.key file

{
	"COConsoleURL":"https://coconsole:8443",
	"Authorization":"Bearer eyJ0eXGciO...iJSUzIJzdWIiOiJFVEwgRU...NTc0NjQ0MDB9.o86LJGIt5nK5cWOUOoDaf...MF3o4N9baGWlQ"
}

To revoke API keys

You can revoke the API keys generated before a certain date when those keys are no longer needed or in the event of a security theft. Revoking the keys deactivates all such keys at once and therefore restricts any unauthorized access.

  1. Log in to the shell prompt of the Application Server as the cpit user and navigate to the <InstalledDirectory>/repository folder. Ensure that the cpit user has the necessary permissions to create files and folders.
  2. In the repository folder, create a folder named security.
  3. In the security folder, create a file named api-keys.conf with the following structure.  

    api-keys.conf
    {
    	"revoke-before-date": "<Date>"
    }

    The format for Date is YYYY-MM-DD.
    For example,

    api-keys.conf
    {
    	"revoke-before-date": "2019-05-10"
    }

    In this example, all API keys generated before 10th May 2019 will be revoked. 
    After the file is created, it might take an hour to compare and revoke all tokens generated before the specified date. To force immediate revocation, restart the datahub and the service container.
    This process revokes the API keys generated from all Application Servers that share this repository. 
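
Steps 2 and 3 of the revoke procedure as a script, added here as an example (it is not BMC tooling). The function name `write_revoke_conf`, its exit codes, and the refusal of future dates are choices of this example, not product behavior.

```shell
#!/bin/sh
# Added example, not BMC tooling. Covers steps 2-3 of "To revoke API keys".
# Usage: write_revoke_conf <InstalledDirectory>/repository YYYY-MM-DD
# The ( ) body runs in a subshell: variables stay local, exit leaves only the function.
write_revoke_conf() (
    repo_dir=$1
    revoke_date=$2

    # Format check only (the page specifies YYYY-MM-DD); it does not reject
    # impossible days such as 2019-02-31.
    case $revoke_date in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid date: $revoke_date (expected YYYY-MM-DD)" >&2; exit 2 ;;
    esac
    month=${revoke_date#*-}; month=${month%-*}
    day=${revoke_date##*-}
    case $month in 0[1-9]|1[0-2]) ;; *) echo "invalid month: $month" >&2; exit 2 ;; esac
    case $day in 0[1-9]|[12][0-9]|3[01]) ;; *) echo "invalid day: $day" >&2; exit 2 ;; esac

    [ -d "$repo_dir" ] || { echo "repository folder not found: $repo_dir" >&2; exit 3; }

    # Policy of this example, not a product rule: refuse a future date, because
    # keys generated between now and that date would also count as "before" it.
    if [ "$(printf %s "$revoke_date" | tr -d -)" -gt "$(date +%Y%m%d)" ]; then
        echo "refusing future date: $revoke_date" >&2; exit 5
    fi

    mkdir -p "$repo_dir/security" || exit 4
    # Write a temp file in the same folder and rename it into place, so a
    # reader never sees a half-written api-keys.conf.
    tmp=$(mktemp "$repo_dir/security/.api-keys.conf.XXXXXX") || exit 4
    printf '{\n\t"revoke-before-date": "%s"\n}\n' "$revoke_date" > "$tmp" \
        && mv -f "$tmp" "$repo_dir/security/api-keys.conf" \
        || { rm -f "$tmp"; exit 4; }
)
```

Run it as the cpit user. `mktemp` creates the file with mode 0600, which assumes the processes that read api-keys.conf run as that same user.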


