05-07-2018 07:31 AM - edited 05-07-2018 07:32 AM
I have poured through Veritas' documentation on the process for making calls to NBU 8.1.1 using its RESTful API.
But I'm unclear on something and I've hit a stumbling block. Is there a way to initiate a login without using a JWT (JSON Web Token) initially ? I'd really prefer not to leave the schema's (required ?) password in cleartext floating about, and I had thought I could replace the need for the token by using --cacert <certname> having previously used
curl -X POST https://masterservername:1556/netbackup/security/cacert -H 'content-type: application/vnd.netbackup+json;version=1.0' --insecure
... with which to generate the cert.
Thanks!
Solved! Go to Solution.
05-08-2018 05:14 AM
AFAIK, you can't skip login phase or use cert/token for that becasue token (JWT) has "validity" option and can be used for 86400 sec (1 day). You need the token for each request.
Logs in with the username and password and receives a JSON Web Token (JWT) that is used on all subsequent API requests.
--cacert -- just means that you'll validate the certificate during requests
The NetBackup web service always sends its certificate during SSL handshakes. This certificate can be validated by the API client. To validate the certificate, you will need to get the Certificate Authority (CA) certificate from the master server and then use the CA certificate in the API requests.
05-08-2018 05:14 AM
AFAIK, you can't skip login phase or use cert/token for that becasue token (JWT) has "validity" option and can be used for 86400 sec (1 day). You need the token for each request.
Logs in with the username and password and receives a JSON Web Token (JWT) that is used on all subsequent API requests.
--cacert -- just means that you'll validate the certificate during requests
The NetBackup web service always sends its certificate during SSL handshakes. This certificate can be validated by the API client. To validate the certificate, you will need to get the Certificate Authority (CA) certificate from the master server and then use the CA certificate in the API requests.
05-08-2018 06:56 AM
Thanks Mike! yep, confirmed this with Support after posting this thread. All good at this point.