
Password encryption and tokens for REST authentication

Chad Hill
02-14-2020 03:57 PM

We can use an Automic encoded password inside ini files, such as ucsrv.ini. It would also be useful if Automic (Broadcom) could enhance the REST authentication to accept their proprietary encoded password string.

Perhaps offer the option to create a security token, using an encoded password string produced by the UCYBCRYP.exe encryption tool.

Possible example with token:

#Create new token perhaps once a day?
CLIENT="1000"
LOGIN_CREDS="service_account_id:105BEDE8BA8E444D3EA71B8DF834095002589E9864F33C516C"
TOKEN_FILE="/absolute_path/Token_File_Name.tkn"
TOKEN=`/usr/bin/curl -H "Authorization: Basic ${LOGIN_CREDS}" -H "Content-Type:application/json" https://myautomichost:8088/ae/api/v1/${CLIENT}/tokens -X GET | grep token | <additional syntax to parse string>`
echo "${TOKEN}" > ${TOKEN_FILE}

#Referencing the token later ...
CLIENT="1000"
TOKEN_FILE="/absolute_path/Token_File_Name.tkn"
TOKEN=`cat ${TOKEN_FILE}`
/usr/bin/curl -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "https://myautomichost:8088/ae/api/v1/${CLIENT}/objects/" -d "${OBJECT_PROPERTIES}" -X POST

Currently the REST service only accepts the user id and password in clear text. If it accepted a token or at least the Automic encoded password, this could prevent some accidental exposure of the credentials at the source.

Thanks for considering this request.
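
The token file in the proposal above becomes the credential at rest, so it needs the same care as the password it replaces. The following is an added example, not part of the original post and not Broadcom code: two hypothetical helpers, save_token and load_token, that write the file atomically with owner-only permissions and refuse to use it when it is readable by group/other or older than the one-day renewal interval the post suggests. The token is treated as an opaque string; obtaining it is out of scope.

```shell
#!/bin/sh
# Added example: helpers for the token file proposed in the post.
# save_token / load_token are hypothetical names, not Automic tooling.

# save_token FILE TOKEN
# Writes the token to a temp file in the same directory (mktemp creates it
# with mode 0600) and renames it into place, so readers never see a partial
# or world-readable file.
save_token() {
    file=$1
    token=$2
    tmp=$(mktemp "$(dirname "$file")/.tkn.XXXXXX") || return 1
    if printf '%s\n' "$token" > "$tmp" && mv -f "$tmp" "$file"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# load_token FILE
# Prints the token on stdout. Return codes:
#   2 = missing, symlink, or not a regular file
#   3 = group/other permission bits are set
#   4 = file older than one day (renew instead of reusing)
load_token() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "token file missing or not a regular file" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "token file is accessible to group/other" >&2
        return 3
    fi
    # find -mtime +0 matches files last modified at least 24 hours ago.
    if [ -n "$(find "$file" -mtime +0)" ]; then
        echo "token older than one day, renew it" >&2
        return 4
    fi
    cat "$file"
}

# Usage in the calling script:
#   TOKEN=$(load_token "$TOKEN_FILE") || exit 1
```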