Authenticating the command line client using API Keys

You can use API Keys to authenticate the command line client

The purpose of the following scenario is to show how to create and use an API Key to successfully authenticate the command line client.

The scope of the scenario is to list every folder defined in an engine.

  1. Login into the Dynamic Workload Console and navigate to Manage API Keys.
  2. In Manage API Keys, select an engine from the Engine name list and click Apply.
  3. Create an API Key:
    1. Click Add new.
    2. Select either Personal or Service from the Type list.
    3. In Name, type API_Key_Name.
    4. If you set the API Key type to Service, select the relevant groups from the Group Name list.
    5. Click Submit.
    6. The API Key token is displayed in the dialogue box. Save it and store it in a secure place.
    Note: API Keys expire by default after 365 days. You can set a custom duration for API Keys by adding the following parameters to the {INST_DIR}/usr/servers/engineServer/resources/properties/TWSConfig.properties file:
    com.ibm.tws.dao.rdbms.apikey.expiring.timeout = n.days
com.ibm.tws.util.jwt.apikey.expiration.date = n.days
    where com.ibm.tws.dao.rdbms.apikey.expiring.timeout = n.days determines the duration in days of any future API Key created, and com.ibm.tws.util.jwt.apikey.expiration.date = n.days determines when the status of future API Keys changes from Valid to Expiring.

    You need to restart WebSphere Application Server Liberty after adding the custom parameters and before creating new API Keys.

    This process must be repeated every time you want to change the duration and status change interval of new API Keys. API Keys that have been already created cannot be modified.

  4. Authenticate the command line client with the API Key token:
    1. Open the command line client configuration file:
      On Windows
      %userprofile%\.OCLI\config.yaml
      On Linux
      $HOME/.OCLI/config.yaml
    2. Add or replace the JWT property, entering the API Key token you generated in Step 3 as the property value.
    3. Save the file. The command line client is now authenticated.
  5. Access the list of available folders using command line client.
    1. Enter the command: composer list folder=@.

You have accessed an engine from a command line client authenticated with an API Key.