Authentication
These are the steps to authentication a machine. You can call the API using your own user JWT for testing purposes. It is located in the ~/.runops/config directory after you login with the CLI.
Generate a client id and client secret
Ask someone from runops to provide your company a client-id and a client-secret.
Those are super secret, and in the wrong hands, can cause some damage (i.e. run tasks on organisation behalf).
Get an authorization token
The token is issued by our auth provider (auth0), and the initial request is done directly on their domain.
# request
curl --request POST \
--url https://runops.us.auth0.com/oauth/token \
--header 'Content-Type: application/json' \
--data '{
"client_id": "we will",
"client_secret": "give you",
"audience": "https://runops.us.auth0.com/api/v2/",
"grant_type": "client_credentials"
}'
#response
{
"access_token": "eyJhb...czVEV5WSJ9.eyJodHR...",
"scope": "read:client_grants",
"expires_in": 86400,
"token_type": "Bearer"
}
Except for the client_id and client_secret, all other parameters should be sent as
per the example.
The response contains a JWT access_token, that is used on subsequent requests.
Requesting Runops API
Token must be sent as Bearer xxx in the Authorization header of the request.
In this example, a list targets using the token:
curl --request GET \
--url 'https://api.runops.io/v1/targets' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJhbG...eyJod....j12DOa...'
Important considerations
- A
botuser will be created in your org, and used to perform all activities. (runops.bot@{your-org-domain}) - For analytics purposes, all actions taken with this token will be assigned to the bot user
- The bot user is subject to access control as any other user (using the
groupsflag) - The m2m credentials in the wrong hands can cause some harm