Platform

Platform

A place for Apptio product users to learn, connect, share and grow together.

 View Only
Back to Library

User authentication using APIs 

Fri July 28, 2017 02:59 PM

Applies to: v11, v12, v12.1, v12.2+ 

 

In this article:

You can accomplish API authentication in one of two ways:

  • Authentication using API Keys; OR
  • If you are trying to access an older v.11 system, basic authentication using a user account and password.

Apptio is now using API Keys for API authentication. Using username/password for authentication is chiefly supported for v.11 systems only. The following table shows which authentication method to use based on the Apptio version:

 

Apptio versionAuthentication method to use
v.11.x, v.12.0, v.12.1Username/Password
v.12.2+

API Keys (preferred)

Username/Password (not recommended)

 

To understand API Keys and why they are the preferred authentication method to use, read API keys and Frontdoor: Overview and FAQs.

 

Steps for User Authentication in v.12.2+ systems (any application using Frontdoor)

  1. Use API Keys or a Username/Password to authenticate against Frontdoor and to obtain an Apptio OpenToken.
  2. Get the Frontdoor Environment ID for the Environment in which your Costing Application is entitled using the 'apptio-opentoken' that you obtained in Step 1.

 

When you have the open token and environmen,t you use those in subsequent REST API calls to upload or download data using the Apptio API. These values are passed in the header as values for 'apptio-opentoken' and 'apptio-current-environment'.  This is demonstrated in the cURL example below.

 

cURL Example

Here is the example that obtains the list of projects in the environment. 

 

NOTE  This example is broken into three lines for visibility. When actually executing, this would be on one line and the apptio-opentoken and the apptio-current-environment must be passed.

 

 curl -X GET https://customer.apptio.com/biit/api/v1/projects
 -H 'apptio-opentoken:36d9c8b4129e835218952c229ccfcaf9ab1906e43d6da66a0a57ae426aab71a607c16bea57a198b5f8aae8ae509d9d0c'
 -H 'apptio-current-environment:d8829ad7-0e9e-4938-b181-89d9c9d5dac9'

 

For all further API calls that use this authentication session, keep the cookies (apptio-opentoken and apptio-current-environment) intact to help ensure that additional (redundant) sessions are not established with each API call. In applications, such as Postman, these cookies are kept intact by default. In cURL and other scripting languages, you might need to explicitly add a cookie file to the parameters.

 

This article is open for your feedback. At the bottom of this screen, click Add a comment.




#TBMStudio

Statistics
0 Favorited
53 Views
0 Files
0 Shares
0 Downloads

Comments

Apptio Community Member
Thu November 19, 2020 12:15 PM

Awesome! that is great to hear 


#TBMStudio

Apptio Community Member
Thu November 19, 2020 12:13 PM

In rereading the documentation, I have now adjusted my curl query to return the headers and now see the open token in the headers that are returned.  I had been looking in the body of the return.  Hopefully this will help others.

In my php code I should have added the line:

curl_setopt($ch, CURLOPT_HEADER, 1);

to return the headers.


#TBMStudio

Apptio Community Member
Thu November 19, 2020 10:30 AM

Hey Yosh Schulman, are you directly hitting the API using secret and public key. The flow would be to get the open token and environment variable and then use that openToken to hit the API.


#TBMStudio

Jenny Franklin
Thu November 19, 2020 10:16 AM

Hi Yosh Schulman - if no one responds to this or your other question, a good idea is to post a status update and include a link to the question - that will drive more traffic to your posts.


#TBMStudio

Apptio Community Member
Wed November 18, 2020 05:10 PM

I am using PHP curl command but getting an unexexpected result:

$post = json_encode(array("keyAccess"=>$pubKey,"keySecrect"=>$secret));

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://frontdoor.apptio.com/service/apikeylogin');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

$headers = array();
$headers[] = 'Accept: application/json';
$headers[] = 'content-type: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);

print_r($result);

[{"message":"may not be null","messageTemplate":"{javax.validation.constraints.NotNull.message}","path":"AuthResource$$EnhancerByGuice$$e6795dc0.nonuiLoginApikey.arg0.secretKey"}]

Any direction on how to get this working so I can get the apptio_opentoken?


#TBMStudio

Apptio Community Member
Mon August 10, 2020 04:16 PM

For those trying to access Apptio API with Python. Below is a Python script to login/access

 

import requests
import  json
import  os
from requests.auth import  HTTPBasicAuth

def get_opentoken():
    url="https://frontdoor.apptio.com/service/apikeylogin"
    payload = {'keyAccess': "public key here",
               'keySecret': 'secret key here'}
    headers={
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        }
    result=requests.post(url,json=payload,headers=headers,verify=False)
    #print(result.cookies)
    var=result.cookies.get_dict()
    return var['apptio-opentoken']

def get_env():
    apptio_opentoken=get_opentoken()
    url = "https://frontdoor.apptio.com/api/environment/{domain}/main"
    headers = {
        'Content-Type': 'application/json',
        'application-opentoken': str(apptio_opentoken),
        'Cookie': f"apptio-opentoken={apptio_opentoken}"
    }
    result = requests.get(url, headers=headers,  verify=False)
    env=res_json["id"]
    dict={'apptio_opentoken':apptio_opentoken,'env':env}
    return dict

#TBMStudio

Apptio Community Member
Sat May 30, 2020 08:54 PM

Seeing timeout error when trying to access the cutomer.apptio.com, Is this URL still valid to get the projects list ?

(7) Failed to connect to customer.apptio.com port 443: Timed out


#TBMStudio

Apptio Community Member
Fri August 23, 2019 02:02 PM

Hello,

 

What roles have the ability to view the API for tables in our interface?

 

Regards,

 

Jay


#TBMStudio

Dan Kelly
Wed August 21, 2019 06:01 PM

For those using C# the following code works as a starting point in C# with .NET 4:

 

using System;
using System.IO;
using System.Net;
using System.Text;
using System.Collections.Generic;
using System.Web.Script.Serialization;

namespace Test
{
    class Test 
    {
        static void Main() 
        {
               ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
               
               HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://frontdoor.apptio.com/service/apikeylogin");
               request.Method = "POST";
               request.ContentType = "application/json";
               request.Accept = "application/json";
               
               Dictionary<string, string> values = new Dictionary<string, string>();
               values.Add("keyAccess", "<PUB KEY HERE>");
               values.Add("keySecret", "<SECRET KEY HERE>");

               var serializer = new JavaScriptSerializer();
               var postData = serializer.Serialize(values);
               
               Console.Out.WriteLine("-------------------");
               Console.Out.WriteLine(request.Address);
               Console.Out.WriteLine(request.Host);
               Console.Out.WriteLine(request.Headers);
               Console.Out.WriteLine(postData);
               Console.Out.WriteLine("-------------------");
               
               byte[] bytes = Encoding.UTF8.GetBytes(postData);
               request.ContentLength = bytes.Length;

               try {
                    Stream requestStream = request.GetRequestStream();
                    requestStream.Write(bytes, 0, bytes.Length);
                    
                    WebResponse response = request.GetResponse();
                    Stream stream = response.GetResponseStream();
                    StreamReader reader = new StreamReader(stream);
                    
                    var result = reader.ReadToEnd();
               
                    Console.Out.WriteLine("-------------------");
                    Console.Out.WriteLine(result);
                    Console.Out.WriteLine(response.Headers);
                    Console.Out.WriteLine("-------------------");
                    
                    stream.Dispose();
                    reader.Dispose();
               }
               catch (System.Net.WebException e) {
                    Console.Out.WriteLine("==============");
                    Console.Out.WriteLine("Status Code : {0}", ((HttpWebResponse)e.Response).StatusCode);
                    Console.Out.WriteLine("Status Description : {0}", ((HttpWebResponse)e.Response).StatusDescription);
                    Console.Out.WriteLine("Headers : {0}", ((HttpWebResponse)e.Response).Headers);
                    Console.Out.WriteLine("==============");
               }

          }
     }
}

#TBMStudio

Sanjay Valiyaveettil
Wed January 17, 2018 05:08 PM

Here are some tips from my experience:

  • If you are a Windows user, replace the single quotes with double quotes.
  • It is probably better to install cURL rather than use the powershell equivalent. Click here for a useful link.
  • A simple way to test if your URL works is to log into apptio via your browser and paste the URL into the URL bar. If the data is downloaded, then you know that problem is with authentication and not with the URL.
  • For R11, if you have SSO, the API password is NOT your SSO password. You can set the API password using the following steps:
    • Goto Home > Studio > Users
    • Find the username you will use for API requests and right click and select Edit...
    • Enter the password and confirm password fields 
    • Click OK

#TBMStudio