Use the same simple and secure access control with one DDI overlay solution to ensure proper access even while automating workflows through the API.
May 12th, 2022
It's important to understand how to connect to REST APIs in the most secure, yet still simple, way. In this post we're going to go over authorization methods for accessing the Micetro API using Postman.
Before diving into the details of authorization, let's talk about why an overlay solution is so important in terms of access control and simplicity. We take a deep dive into overlays here, but to define it briefly: an overlay solution is software that communicates with several underlying services, orchestrating consistent output no matter where your workloads reside. Micetro is a DNS, DHCP, and IPAM (DDI) overlay solution which manages your entire DDI environment in the cloud and on-premises.
So, for example, you might have an automation workflow which automates onboarding a new service. As part of that workflow you have to grab IP information and then create DNS records for the entirety of the application or service. Most applications will have multiple tiers which may or may not sit in the same site. The database tier may sit on-premises and use Microsoft or BIND DNS, while the app and web tiers sit in the public cloud using Route 53 from AWS or Azure DNS.
If you're using an overlay solution, like Micetro, you don't have to create different automation workflows based on the underlying service. We only create one workflow which uses the Micetro API, and then Micetro will communicate with the underlying services in the cloud or on-premises as appropriate. This creates the ability to not only simplify and consolidate the number of workflows necessary, it also creates consistency within our networks. Consistency leads to more reliable uptime as well as easier troubleshooting.
Before we can start using workflows, though, we need to be able to access the API. Micetro uses pure role-based access control, which provides access control for your entire DDI environment, again due to its role as an overlay. In order to do anything in Micetro, you must have the correct permissions, whether you’re doing it via the UI or the APIs.
We can get to the API documentation similarly to how we navigate to the web UI, by going to:
https://<Micetro web service>/mmws/api/doc
As long as web services are installed, we should be able to get to the API documentation as well as use the Swagger backend. The documentation provides us with everything we need to know to get started with automating DDI workflows. First, though, let's do some quick information gathering by logging in to the API directly.
Using a web browser, go to:
https://<Micetro web services>/mmws/api/login
If we're already logged in to the Micetro web UI, we simply see a session ID and are not prompted to log in. This is because we already have a session open, which was created when we logged in to the web UI. However, if we were to open another web browser or log out of our current session and go to that same URL, we'd be prompted to log in. When we log in, we'll have all the same permissions that we'd have in the web UI.
Let’s jump over to Postman and take a look at our options there. We'll start with a simple login by using the GET method and the same URL we browsed to above. We'll then click on Authorization, select Basic Auth, and enter our username and password.
After clicking Send we should get a Status: 200 OK, which means we successfully authenticated. We also see a different session ID here, just like we saw in the web browser. This means we now have a session open from our Postman API client.
Let’s take a look at the headers now to see what information we can glean. These headers were included in the request sent to make the connection with the Micetro API. We can see here that it says Basic, followed by an encoded version of our username and password information. If we hover over each of these I (information) icons, we can get a description of each one, which you can explore on your own. Let's jump to the bottom, to the connection type. This connection will be kept alive, meaning we are now connected to the Micetro API and can continue using this connection. We can also change this to close the connection after a call is made, though that is not very useful in this case.
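The "encoded version" in that header is plain Base64, which anyone who captures the header can reverse without a key, so Basic Auth is only as confidential as the TLS connection carrying it. The added example below (not Micetro or Postman code) builds the same Authorization value, decodes it back, and refuses to attach it to a non-HTTPS URL; the host micetro.example.com, the credentials, and the function names are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit
from urllib.request import Request


def basic_header(username: str, password: str) -> str:
    """Build the Authorization value sent for Basic Auth (RFC 7617)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(value: str) -> tuple[str, str]:
    """Recover the credentials from a captured header; no key is needed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic token") from exc
    # Only the first ':' separates user from password; passwords may contain ':'.
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def build_login_request(base_url: str, username: str, password: str) -> Request:
    """Prepare (but do not send) GET /mmws/api/login, allowing HTTPS only."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to attach Basic credentials to a non-HTTPS URL")
    url = base_url.rstrip("/") + "/mmws/api/login"
    return Request(url, method="GET",
                   headers={"Authorization": basic_header(username, password)})


if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder, nothing is sent.
    req = build_login_request("https://micetro.example.com", "apiuser", "s3cr3t:pw")
    header = req.get_header("Authorization")
    print(header)
    print(decode_basic_header(header))
```
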
Basic authentication is generally what we'll be using with Micetro if we don’t have Single Sign-On (SSO) set up. We can use NTLM Auth if we're using SSO, but we may need help from our Micetro admin to set this up. We may also use OAuth in some cases, depending on how our environment is set up.
There are of course others that we can go through, and I’ll just cover a few of those quickly. First we have Inherit auth from parent. We’ll talk about that more in a future blog when we show Postman collections, but it's what it sounds like: it takes on the authorization method and information of a parent.
There’s of course “No Auth” which means that the API might just be open. Of course, we want your data to be secure when you use Micetro so you won't be using this method. However, if you simply search for an open API you can give this method a try.
We also have the API key. You would need an API that requires API keys to use this authorization type. API keys are generally not considered secure anymore; they are typically accessible to a lot of people, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration.
The name “Bearer authentication” can be understood as “give access to the bearer of this token.” Again, you’d need an API capable of using this type of authorization.
Some of these other methods are specific to particular solutions. For example, if you're using Akamai EdgeGrid, you would choose that here.
We'd love to know more about how you're automating your environment or even better, how you'd like to! We're very interested in creating demos and documentation that will help you build the most valuable workflows. Please reach out any time to let us know. If you'd like to get started playing around, you can download a Free Trial of Micetro here.