Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Brand Logo
Help
  • Get started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
close
  • Community Home
  • Forums
    • By Topic
    • By Topic
      EcoStruxure Building
      • Field Devices Forum
      • SmartConnector Forum
      EcoStruxure Power & Grid
      • Gateways and Energy Servers
      • Metering & Power Quality
      APC UPS, Critical Power, Cooling and Racks
      • APC UPS Data Center & Enterprise Solutions Forum
      • APC UPS for Home and Office Forum
      EcoStruxure IT
      • EcoStruxure IT forum
      • EcoStruxure IT™ Advisor CFD
      Remote Operations
      • EcoStruxure Geo SCADA Expert Forum
      • Remote Operations Forum
      Industrial Automation
      • Alliance System Integrators Forum
      • AVEVA Plant SCADA Forum
      • CPG Expert Forum DACH
      • EcoStruxure Automation Expert / IEC 61499 Forum
      • Fabrika ve Makina Otomasyonu Çözümleri
      • Harmony Control Customization Forum
      • Industrial Edge Computing Forum
      • Industry Automation and Control Forum
      • Korea Industrial Automation Forum
      • Machine Automation Forum
      • Modicon PAC Forum
      • PLC Club Indonesia
      Schneider Electric Wiser
      • Schneider Electric Wiser Forum
      Power Distribution IEC
      • Eldistribution & Fastighetsautomation
      • Elektrik Tasarım Dağıtım ve Uygulama Çözümleri
      • Paneelbouw & Energie Distributie
      • Power Distribution and Digital
      • Solutions for Motor Management
      • Specifiers Club ZA Forum
      • Електропроектанти България
      Power Distribution NEMA
      • Power Monitoring and Energy Automation NAM
      Power Distribution Software
      • EcoStruxure Power Design Forum
      • LayoutFAST User Group Forum
      Energy & Sustainability Services
      • Green Building Scoring and Certification Forum
      Light and Room Control
      • SpaceLogic C-Bus Forum
      Solutions for your Business
      • Solutions for your Business Forum
      Support
      • Ask the Community
  • Knowledge Center
    • Building Automation Knowledge Base
    • Remote Operations Devices Knowledge Base
    • Geo SCADA Knowledge Base
    • Industrial Automation How-to videos
    • Digital E-books
    • Success Stories Corner
  • Events & Webinars
    • All Events
    • Innovation Talks
    • Innovation Summit
    • Let's Exchange Series
    • Partner Success
    • Process Automation Talks
    • Technology Partners
  • Ideas
    • EcoStruxure Building
      • EcoStruxure Building Advisor Ideas
      Remote Operations
      • EcoStruxure Geo SCADA Expert Ideas
      • Remote Operations Devices Ideas
      Industrial Automation
      • Modicon Ideas & new features
  • Blogs
    • By Topic
    • By Topic
      EcoStruxure Power & Grid
      • Backstage Access Resources
      EcoStruxure IT
      • EcoStruxure IT™ Advisor CFD
      Remote Operations
      • Remote Operations Blog
      Industrial Automation
      • Industrie du Futur France
      • Industry 4.0 Blog
      Power Distribution NEMA
      • NEMA Power Foundations Blog
      Energy & Sustainability Services
      • Active Energy Management Blog
      Light and Room Control
      • KNX Blog
      Knowledge Center
      • Digital E-books
      • Geo SCADA Knowledge Base
      • Industrial Automation How-to videos
      • Remote Operations Devices Knowledge Base
      • Success Stories Corner
  • companyImpact

ITA REST API authentication method

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Communities
  • EcoStruxure IT
  • EcoStruxure IT forum
  • ITA REST API authentication method
Options
  • Subscribe to RSS Feed
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we?ll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
Jef
Captain Jef Captain
76
APC_Steve
Commander APC_Steve Commander
54
gsterling
Commander gsterling Commander
49
Cory_McDonald
Lt. Commander Cory_McDonald Lt. Commander
15
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to EcoStruxure IT forum
Solved
Hannu1
Crewman Hannu1
Crewman

Posted: ‎2021-08-23 02:04 AM

0 Likes
5
839
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-23 02:04 AM

ITA REST API authentication method

Hello,

 

When DCO was using basic authentication, we noticed that ITA requires token based authentication at least with customer data.
Do we have any option to choose which authentication method to use when having on-premise installation.

 

Thanks

 

Labels
  • Labels:
  • IT Advisor
  • Tags:
  • english
Reply
  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
Hannu1
Crewman Hannu1
Crewman

Posted: ‎2021-08-24 11:49 PM

In response to gsterling
0 Likes
0
804
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-24 11:49 PM

I did a test by logon https://<itaserver>/api/current page, the page seems also giving error message when using the interface account.

 

I checked if some permission is missing from the account and noticed that when giving permission to 'User Rights and Authentication Servers' then api call went throw without errors. @gsterling  can I leave this permission or does this open security vulnerabilities?

 

Thanks

See Answer In Context

  • Tags:
  • english
Reply
Replies 5
gsterling
Commander gsterling Commander
Commander

Posted: ‎2021-08-23 08:39 AM

0 Likes
4
818
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-23 08:39 AM

Hello Hannu

 

Use of the REST api with ITA should require you use valid credentials from the ITA server. The capabilities in REST should then be based on the permissions of that user account. Once authenticated the same user account is then used for subsequent API calls using JWT tokens for session management.

 

Were you looking for other methods for accessing the REST apis?

 

Regards

 

Greg Sterling

  • Tags:
  • english
Reply
Hannu1
Crewman Hannu1
Crewman

Posted: ‎2021-08-24 02:37 AM

In response to gsterling
0 Likes
2
814
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-24 02:37 AM

Hi Greg,

 

Thanks for helping @gsterling.

I'm using an interface account which has Desktop Client and API permission. This account can insert customer data to DCO when ITA gives an error message; "[gLve95nOS0qvzRJAlXRmoA] [442339a8cc83] [com.apc.webservice.api.server.exception.mapper.APIExceptionMapper] (default task-30 gLve95nOS0qvzRJAlXRmoA) API client error: [100001] Invalid access - User with anonymized name 442339a8cc83 does not have access to add customers (Status Code: 403)".

 

I was wondering if authentication has changed for customer data. Rack data can be modified using API when customer data gives an error. API document tells that Desktop Client permission should be enough for interface, is this same for customer data or what can cause the error.

 

Thanks

  • Tags:
  • english
Reply
gsterling
Commander gsterling Commander
Commander

Posted: ‎2021-08-24 03:55 AM

In response to Hannu1
0 Likes
1
810
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-24 03:55 AM

Are you able to share a sample API call you're making?

API security has been tightened a bit since the DCO releases to make the API's more secure.

 

You are using logon credentials of a valid ITA user account when making the API call, correct? And that user account has permissions to make changes like adding customers?

 

If you browse to the https://<itaserver>/api/current page, logon using that user account, are you able to manually add/change a customer from that view?

 

Regards

 

Greg Sterling

  • Tags:
  • english
Reply
Hannu1
Crewman Hannu1
Crewman

Posted: ‎2021-08-24 11:49 PM

In response to gsterling
0 Likes
0
805
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-24 11:49 PM

I did a test by logon https://<itaserver>/api/current page, the page seems also giving error message when using the interface account.

 

I checked if some permission is missing from the account and noticed that when giving permission to 'User Rights and Authentication Servers' then api call went throw without errors. @gsterling  can I leave this permission or does this open security vulnerabilities?

 

Thanks

  • Tags:
  • english
Reply
davis84
davis84
Cadet

Posted: ‎2021-08-28 04:23 AM

In response to gsterling
0 Likes
0
781
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Posted: ‎2021-08-28 04:23 AM


@gsterling wrote:

Hello Hannu

 

Use of the REST api with ITA should require you use valid credentials from the ITA server. The capabilities in REST should then be based on the permissions of that user account. Once authenticated the same user account is then used for subsequent API calls using JWT tokens for session management.

 

Were you looking for other methods for accessing the REST apis?

 

Regards

 

Greg Sterling


 

Hello @gsterling,

 

Thanks for update and quick reply, Looking for same issue and i found lots of helpful information here, Really appreciate for help.

 

mycardstatement
  • Tags:
  • english
Reply
Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

Additional options
You do not have permission to remove this product association.
 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this forum after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2023 Schneider Electric, Inc