Authentication service

The Authentication service enables you to manage authentication tokens for running API commands.

authentication token::create

Creates an authentication token for the logged-in user.

A successful response returns a token value, as well as several additional token properties.

You specify this token in subsequent API requests.

Note

You must specify a token even in the API request for creation of a new token. Therefore, to create your very first API token, you can choose one of the following methods:

  • Specify a Session token, as described in Session-service or in Authentication tokens.
  • Create your very first API token through the Control-M user interface, as described in Creating an API Token in the Control-M documentation. After creating an initial token through the UI, you can proceed with all other token management tasks through the API.

As soon as you have an API token, you no longer need to create Session tokens (the only type of token available in previous versions of Control-M Automation API).

CLI Syntax

ctm authentication token::create  -f <tokenDefinition.json>

Where <tokenDefinition.json> is the full path and name of a .json payload file that contains token details. Here is an example for the content of this file:

{
 "tokenName": "emuser1-token",
 "expirationDate":"2020-12-02",
 "roles": ["Admin","User"]
}

The following parameters are used to define token data in the .json file:

Parameter

Description

tokenName

A unique name for the token

expirationDate

A future date when the token will expire, in YYYY-MM-DD format

Expiration is based on the UTC timezone.

If you do not specify this property, the default is no expiration.

roles

A list of roles for which the token grants access

The logged-in user must be a member of all specified roles.

This parameter is mandatory, that is, you must specify at least one role.

If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation input.

REST API Syntax

See REST API reference.

Example using  curl:

REST API
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token"  #for a session token

curl -H "$AuthHeader" -H "Content-Type: application/json" -X POST "$endpoint/authentication/token" -d @tokenDefinition.json

authentication token::update

Updates an authentication token of the logged-in user.

A successful response returns an updated list of token properties.

CLI Syntax

ctm authentication token::update -f <tokenDefinition.json>

Where <tokenDefinition.json> is the full path and name of a .json payload file that contains token details.

The contents of this file for an update request are the same as for a creation request. Note the following guidelines for an update action:

  • You can update the expiration date of the token and the roles associated with the token. You cannot modify the name of the token.
  • All parameters must be included in the .json file, even those that you are not updating.
    To obtain current values of all parameters, you can use one of the get commands before running an update action.

If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation input.

REST API Syntax

See REST API reference.

Example using  curl:

REST API
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token"  #for a session token

curl -H "$AuthHeader" -H "Content-Type: application/json" -X PUT "$endpoint/authentication/token" -d @tokenDefinition.json

authentication token::delete

Deletes an authentication token of the logged-in user.

CLI Syntax

ctm authentication token::delete <tokenName>

If annotation is enabled for the Scheduling definitions, Configuration management, or Control-M security category in Control-M, you must also provide an annotation to justify your action. For more information, see Annotation input.

REST API Syntax

See REST API reference.

Example using  curl:

REST API
tokenName=myToken
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token"  #for a session token

curl -H "$AuthHeader" -H "Content-Type: application/json" -X DELETE "$endpoint/authentication/token/$tokenName"

authentication token::get

Retrieves details of an authentication token of the logged-in user.

CLI Syntax

ctm authentication token::get <tokenName>

REST API Syntax

See REST API reference.

Example using  curl:

REST API
tokenName=myToken
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token"  #for a session token

curl -H "$AuthHeader" -H "Content-Type: application/json" "$endpoint/authentication/token/$tokenName"

authentication tokens::get

Retrieves a list of authentication tokens for the logged-in user, including the details of each token.

CLI Syntax

ctm authentication tokens::get

REST API Syntax

See REST API reference.

Example using  curl:

REST API
AuthHeader="x-api-key: $token"
# AuthHeader="Authentication: Bearer $token"  #for a session token

curl -H "$AuthHeader" -H "Content-Type: application/json" "$endpoint/authentication/tokens"

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*