In one of the discussions with my clients they asked the question on how to export and identify the list of users in the organization to ensure their compliance with regulations. They wanted to explore doing that using the toolkit APIs.
Once we started using the API Toolkit I realized quite quickly that I was rusty in using the APIs so thought to document it. I am hoping it would help other users of the platform to explore using the API Toolkit to perform such operations:
The steps are:
- Install and configure the toolkit with the required credentials:
- Identify the provider
- Login to the manager server
- Identify the organization
- Identify the user registries within the organization
- List the users in the registry
Install and configure the toolkit with the required credentials:
Log into the API Manager and select Download Toolkit
Download the toolkit and the toolkit credentials
From settings, identify the server end-point. I will be using it as <Server_Name>. It is used without the 'https' and without 'manager' at the end. In this example, it is <SERVER_NAME>/integration/apis/integration/small
Extract the zip file and the credential in the same location, then rename apic-slim to apic
run the command
chmod +x apic
./apic client-creds:set credentials.json
Identify the provider
if you are performing a standard log in using the command 'apic login'. The CLI will ask for information about the realm. This is structured as follows:
admin/<provider name> or provider/<provider name>.
To list the providers, use the following command
./apic identity-providers:list --scope provider --server <SERVER_NAME>
Example of the command
Login to manager sever
In my case, I used the OIDC login option as described in here
Identify the Organization
list the organizations using the following command. In my example the organization is called 'testorg' as shown below
./apic orgs:list --server <SERVER_NAME>
Identify the user registries within the organization
Now I can list the user registries in this organization using the following command
./apic user-registries:list -s <SERVER_NAME> -o <ORGANIZATION_NAME>
List the users in the registry
I should now be able to list all the users in the registry using the following command:
./apic users:list --server <SERVER_NAME> -o <ORGANIZATION_NAME> --user-registry <USER_REGISTRY>
The outcome should look like the following screenshot:
