Using REST APIs

User interfaces use REST APIs to manage and access data and configuration information. You can also access the APIs directly, if needed. For example, you might want to update a particular user’s dashboard or the end point documentation.

 

Configuring the Client ID and Secret for Authentication with REST APIs

You must configure one Client ID and Secret to authenticate with the REST APIs. After you have established the secret, you might want to update it according to your password rotation policies.

If you update the secret, you must update all REST API clients to reflect the update.

  1. Generate your Client ID and Client Secret respectively.

    For example, you can use OpenSSL to generate random values that are more secure:

    For Client ID: 

    openssl rand -hex 16

    For Client Secret: 

    openssl rand -hex 32
  2. Log in to the CDF Management Portal.
  3. Click the browse icon  on the far right, then choose Reconfigure.
  4. In the Single Sign-on Configuration section, specify values for Client ID and Client Secret.
  5. Click Save.

 

Authenticating to and Calling the REST API

Before calling a REST API, you must authenticate your session, which involves generating an access and refresh token. The REST API client uses these tokens when you call the REST API server.

Modified this procedure per doc comments

  1. To generate access tokens, in your API client, use the method POST and the following URL:

    https://<cdf-machine-hostname>/osp/a/default/auth/oauth2/grant

    Select and specify Header and Body information as follows:

    1. Authorization
      1. Authorization type as Basic
      2. Client_ID:Client_Secret as base64 encoded
    2.  Header
      1. Content-Type as application/x-www-form-urlencoded
      2. Accept as application/json
    3. Body
      1. Enter grant_type and its value as password
      2. Enter username as Fusion User
      3. Enter password as Fusion User's Password
    For security reasons, the access token expires after 120 seconds of inactivity. You must use the refresh token to regenerate the access token again (next Step).


    For example:

    curl --location --request POST 'https://cdf.dom.lab/osp/a/default/auth/oauth2/grant' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic MDM0YzE2MzU1N2I0OTUxOWE5ZjRlYjVlNDBkOGJiZGQ6ZGEzMzA2NzBiMGQ0YWIzN2JjOGRhMzgyNDBiMjM2NzVlZDVkMjUwNTBkNzIzZmNjNDhmNDUxNGJjYzY0NTUwZA==' 
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=*****' \
--data-urlencode 'password=*****'


  1. To generate the access token again with the refresh token, in your API client, use the method POST and the following URL:

    https://<cdf-machine-hostname>/osp/a/default/auth/oauth2/token

    Select and specify Header and Body information as follows:

    1. Authorization
      1. Authorization type as Basic
      2. Client_ID:Client_Secret as base64 encoded
    2.  Header
      1. Content-Type as application/x-www-form-urlencoded
      2. Accept as application/json
    3. Body
      1. Enter grant_type and its value as refresh_token
      2. Enter refresh_token and its value generated in the previous step


    For example:

    curl --location --request POST 'https://cdf.dom.lab/osp/a/default/auth/oauth2/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--hheader 'Authorization: Basic MDM0YzE2MzU1N2I0OTUxOWE5ZjRlYjVlNDBkOGJiZGQ6ZGEzMzA2NzBiMGQ0YWIzN2JjOGRhMzgyNDBiMjM2NzVlZDVkMjUwNTBkNzIzZmNjNDhmNDUxNGJjYzY0NTUwZA==' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=eHwAIKfDMMMcpF1RDP3ytIm86_SVTe1IDypZZaJ0LKneGFAjc-VI56E-ac3i4u3mmjexs4f91pL_mIMlaYr7g955k74P3VBdNQQ5Vby8W2auZqIyFDzJTo_9RqV9bwDiHXm-tVKmNhyGA0TT6ODxe6rsqOL_G0mMTFVAQHdMYK0JocP5oCXpF8J4pohk34hHEBkDtFCS6sGpK-fLNo8jyr5W9XFBbKe47G8gZg1rfHOLEAuh1uZIB4K47Z810XLy6MJFs0oiaJ47Bgo2mgnitUt9My3CtSB-XUdKcbDizY6Ley--pPL4RLSSg6i7QYya3sHMMcJW1dfP2xgJSBJ7y1kgXIeekXQ4EyqWiEl9coUI4rFt7BS0Gt-2jd0_1uHQC5sXES5NOt8KcaoECV6Ub47AzBZQC31hYnCw28WZ0mr0vBwNmE1QcCRiTj--EQyPCiB6gdlahqkTMKQDZFF3G1uehCv5omEEKdRn2tvvb1Iu4vlmbwhoftxbiOPrcgjRdegqpcQtx-a8w_BWQ3s0_OpIz0TmdjFy0Ew9bPC9Jz1qf-oO5g_jShow_0SMk0Ua0Xph-IQ_7s5Na3IUBuCfRLaWNomuF5Sx6CycBg5TDS7zUdSiex2Pfsv-xzTdu0Nk-9PygJpPyqNuNJIKZCQRvG-GelYWbLzHBhdqY7nOqDZDjNj51HT37zIUQ070uHoqnGM8-rkv0WMIxEdNuyUuPOXFaigIELaYSiZ5OYOEWBWiWA17zrw1IMmUt7opone6PgBtGFESwsSSFyu6xrd8kUa5zjrieCrKsm0f5yVx7z98-VGqXf--LYxJp6I08TlS3azQ7dI2mjzWTXuo-2cyXMErOOi6dcsmUJw_2rSdrkr0Mk5StCl9uvCMXA74is1fGtjc6Coojc_DHYas8hr9jP8_RlrknMxXeUg49WuWyh00FznMCgCggO0GRc3HIwTlx63-IWmk3ugO-KI-XlM16EXSS0WJKBeN08pGh3o-w00Ct38z3xYhDEnicvr7AvlJNyAMmhGVJfVb-GzrtJyc6SGX0qnkdUWyZ5tjWxfibv5sp4aAjqAhoIUo63CjUNMQl72PDNoJ3PwdK5H7lcryeVfqZhUKyHrpUgvF0kXDdgYlVAdGXny_ztTSKm0puKc2lxW9XepIfR_gv-264GYhKCp6Lay609WvyHTAjfunewdRqRFj70jtUeJBA5A9xyooe8q2LJPGZZ4CpgOp2KFsR9ugRPvQe0e3PuR8WUgiQrtqz_m-ewUj-pOWtOSxpohLKhYsK6aPHGnYnN1wmTsnqq4ZAyaFh6EfmIO52lMrV_4Z9_JDN4_Sb7NQ1ULGARdNyxf8dj2V1H8XTKTDTEhoghkS7dyqNqA1YfxIqEf2a7TnY5Xcf0XFKBN0BgG2w5mIHCumHcNz8rFWJxCJDsfK9XlRVQM5Ml07V6IdZnuWDgA4-a-MmFeKyN8Q0ApRqOQWwTVe7ZqQMfrL2glIKqfqah9-QPtlEiIT1OpNa-OZkF4azBUBvX7uD1wNN765CI4sZAorC-ZO48SOOgGDftebLyqmSdA'


  2. Access your REST API endpoint.
    Prefix the term Bearer to Access or Refresh tokens before you pass them as headers in a REST API call.

 

Links to REST API Documentation

Name

REST API Endpoint Documentation
ArcMC and Fusion ArcMC https://<master_FQDN or IP>/arcmc/rest-api-docs

Database Monitoring

 https://<master_FQDN or IP>​​​/db-mon/rest-api-docs

ESM

 https://<esm-host>:8443/detect-api

Intelligence

Developer's Guide to ArcSight Intelligence

Recon

 https://<master_FQDN or IP>​​​​/rec/rest-api-docs

System Metadata

 https://<master_FQDN or IP>​​/metadata/rest-api-docs

Transformation Hub

 https://<master_FQDN or IP>:32080/rest-api-docs