Authorization
To access the REST API, you will need to have a valid OTbase Inventory account. This account can either be an account associated with a specific individual or a dedicated account created specifically for a third-party software application that wishes to interact with the OTbase system (recommended).
Using A Dedicated API User Account
The benefit to creating a dedicated account for third-party applications is that it allows you to set certain boundaries and restrictions on what data can be accessed by the third-party application. This can be achieved by clearly defining and setting access rights within the OTbase Inventory user management system. For instance, it is possible to limit the scope of a given account to only allow access to inventory data of a specific site, building, or group of devices.
Authentication
With the release of OTbase Inventory version 8.1, we've expanded the authentication options to include both Basic Authentication and the newly integrated OAuth2. This update ensures users have flexible and secure methods to authenticate, catering to diverse security requirements and preferences.
Basic
Basic Authentication in OTbase Inventory continues to function as a straightforward method where access credentials are directly transmitted to the system. Despite the simplicity of this method, security is not compromised. The credentials, although transmitted directly, are never sent in plain text. The use of HTTPS for connections is strongly recommended: Basic Authentication itself only Base64-encodes the username and password, so HTTPS is what encrypts them in transit. To use the REST API with Basic Authentication, users must configure their third-party application (Postman, in this case) accordingly and provide valid OTbase Inventory user account credentials.
OAuth2
The introduction of OAuth2, or Open Authorization 2.0, brings a robust and standardized protocol for secure user authentication and authorization. To use OAuth, it must be activated with the OAuth Enabled system setting. The Keys URL and Field Name settings are also mandatory. Failure to provide these details results in a 400 Bad Request error message, signaling an incomplete or incorrect setup.
Following the configuration, a verification step ensures the proper activation of OAuth. If OAuth is not enabled, a 403 Forbidden error message is generated, restricting access to the protected resources. The Keys URL corresponds to a JSON list of keys, providing encryption details and unique Key IDs. This information is crucial for validating whether the token has been encrypted using the specified Key ID. The endpoint serves as a secure repository for managing encryption keys, enhancing the integrity and authenticity of the authentication process.
The Field Name represents the designated field or key for the unique username of the user stored in the system. This field is pivotal for cross-verifying the user, ensuring that the user possesses the correct permissions and group affiliations. By referencing this specific field, the system conducts comprehensive user validation, confirming the user's rights and group memberships.
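A pre-flight check for the OAuth2 settings described above, as an added example that is not OTbase code. It assumes the token is a compact JWT and that the Keys URL returns a JWKS-style document (`{"keys": [...]}`), neither of which this page states explicitly; `preflight`, `SAMPLE_JWKS`, `make_sample_token` and the sample key ID are hypothetical names and constructed data. It reports whether the token's Key ID appears in the key list and whether the configured Field Name claim is present, and it does not verify the signature.

```python
import base64
import json
import time


def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def preflight(token, jwks, field_name, now=None):
    """List mismatches between a token and the Keys URL / Field Name settings.

    Diagnostic only: the signature is NOT verified here.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWT"]
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("token is unsigned (alg is 'none' or missing)")
    kid = header.get("kid")
    if kid is None or kid not in [k.get("kid") for k in jwks.get("keys", [])]:
        problems.append(f"kid {kid!r} is not in the Keys URL document")
    username = claims.get(field_name)  # Field Name = claim holding the username
    if not isinstance(username, str) or not username:
        problems.append(f"claim {field_name!r} is missing or empty")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token has expired")
    return problems


# Constructed sample data: a JWKS-shaped key list (assumed format) and a token
# builder whose third segment is a placeholder, not a real signature.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "key-2024-01"}]}


def make_sample_token(kid, claims):
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": kid}), enc(claims), "c2lnbmF0dXJl"])
```

An empty list means the token's shape matches the configured settings; each string in a non-empty list names one mismatch to correct on the identity provider or in the OTbase settings.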
Setting up Authentication In Python
To set up basic authentication using the Python Requests library, you can pass a tuple of username and password to the auth parameter of the requests.get() method. For example, if the username is "myusername" and the password is "mypassword", you can make a request to a URL as follows:
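import requests
# Enter your hostname (for example: myserver.com or 127.0.0.1)
hostname = 'enterHostnameOrIP'
# Replace myusername and mypassword with your account credentials
auth = ('myusername', 'mypassword')
# HTTPS keeps the Basic Authentication header encrypted in transit
url = f'https://{hostname}/ot-base/api/v1/devices'
# Set a timeout so the call cannot hang indefinitely
response = requests.get(url, auth=auth, timeout=30)
# Raise an exception on 4xx/5xx responses instead of printing an error body
response.raise_for_status()
print(response.text)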
Setting Up Authentication In Postman
With our Postman collection, we've done the configuration for you. All you need to do is enter your hostname (the URL or IP address of your OTbase Inventory installation) and credentials.