Extend API token lifetime

[nick076]

Is there a way to extend token(ticket) time as currently is set to 2 hours.
I am gathering information from API , like CPU usage, Memory etc.. and creating sensors on Home Assistant which gets updated every minute.
I am trying to automate it.
Thanks

 

[oguz]

hi,

you get a new ticket again for 2 hours if you reauthenticate

 

[nick076]

hi,

you get a new ticket again for 2 hours if you reauthenticate

I am using this command , per docs:

curl -k -d "username=root@pam&password=yourpassword" https://10.0.0.1:8006/api2/json/access/ticket

.
then i copy paste Token to my Rest command :

- platform: rest
  resource: https://x.x.x.x:8006/api2/json/nodes
  name: API TEST
  verify_ssl: false
  headers:
    Cookie: 'PVEAuthCookie=PVE:root@pam:5E1BAB79::Cxmr3rm3SRDw....'
    content-Type: application/json
  method: GET

I am wondering if i can automate Re-authentication as you stated.
Thanks

 

[oguz]

you don't need to use curl. you can use anything else to make the initial request for authentication, save the ticket, and use it afterwards. (most scripting languages will do the job. you can even do it in bash by saving the ticket after running curl)

 

[nick076]

you don't need to use curl. you can use anything else to make the initial request for authentication, save the ticket, and use it afterwards. (most scripting languages will do the job. you can even do it in bash by saving the ticket after running curl)

So making sure i'm following you correctly:
1. i can use current token to query for API
2. after 2 hours i should create a script to do initial request for authentication (is this command for new ticket that goes here :
https://10.0.0.1:8006/api2/json/access/ticket ?)
3. with generated new ticket or cookie and should add that to my command which generates queries toward API

Apologies if stupid question, i am complete amateur in scripting.

 

[oguz]

1. i can use current token to query for API
2. after 2 hours i should create a script to do initial request for authentication (is this command for new ticket that goes here :
https://10.0.0.1:8006/api2/json/access/ticket ?)
3. with generated new ticket or cookie and should add that to my command which generates queries toward API

1. yes

2. for example you can write a method to authenticate to the access/ticket endpoint with your username & password and return the API ticket. also save the timestamp when you retrieve the ticket so you can renew it before 2 hours end. before each request you make call this method and check if the ticket is older than 1 hour for example. if yes reauth and return the new ticket.

3. yes

 

[oguz]

forgot to mention that you can also use your old ticket while reauthenticating with the endpoint ( to get a new ticket ).

that way you don't have to save your password

 

[nick076]

1. yes

2. for example you can write a method to authenticate to the access/ticket endpoint with your username & password and return the API ticket. also save the timestamp when you retrieve the ticket so you can renew it before 2 hours end. before each request you make call this method and check if the ticket is older than 1 hour for example. if yes reauth and return the new ticket.

3. yes

Thank you

 

[fabian]

I've also started working on implementing proper 'API token' functionality that would allow stateless API usage:
https://pve.proxmox.com/pipermail/pve-devel/2019-November/040581.html

I'll pick that up again in the coming weeks.

 

[nick076]

I've also started working on implementing proper 'API token' functionality that would allow stateless API usage:
https://pve.proxmox.com/pipermail/pve-devel/2019-November/040581.html

I'll pick that up again in the coming weeks.

Great news, looking forward to it!