Mandatory Request Headers for Redlock API - x-redlock-auth

L1 Bithead

Mandatory Request Headers for Redlock API - x-redlock-auth

Hi- I'm trying to use the API with Python and am having some trouble getting authorized to obtain data using the x-redlock-auth request header.

 

First, let me add the disclaimer that I'm no Python expert so the help is appreciated even if it seems basic. I also understand that PAN/ Redlock isn't here to teach us how to code but I'm looking for an API doc example at a minimum which seems reasonable.

 

BTW: the API documentation is great and it's cool that there are code examples!

 

That said, I'm left wondering about using the Python requests module and how to state the x-redlock-auth mandatory request header.

 

The docs say that the x-redlock-auth and Content-Type are mandatory. I can successfully declare declare content type as application/json using standard Python response module code.

 

I'm also able to get my JWT andI can define the content type ok as I can get my JWT and parse into a variable from the successful JSON response.

 

However, I don't see example code to use x-redlock-auth in the request header. 

 

In the examples there is a pop-up for x-redlock-auth prompting for the JWT but the code example doesn't refelct how to use in the params statement of the requests module.

 

Example code snippet from the REST API Doc's - generated using the the query params.

 

Live Community - New Message - Live Community 2019-05-01 10-37-28.jpgcode snippet from Redlock REST API docs

Can anyone provide an example of defining the headers for the required  x-redlock-auth mandatory request headers in the context of this?


Thanks for any help! Would love to automate Redlock login monitoring into a security validation workflow at my organization.

Tags (3)
L0 Member

Re: Mandatory Request Headers for Redlock API - x-redlock-auth

This is how I'm logging in to the API and setting up headers for subsequent requests using Python.

 

# Configuration
REDLOCK_API_URL           = 'https://api.redlock.io'
REDLOCK_CUSTOMER_NAME     = 'example.com'
REDLOCK_USER_NAME         = 'joe.smith@example.com'
 
redlock_api_headers = { 'Content-Type': 'application/json', 'x-redlock-auth': '', 'cache-control': 'no-cache' }
 
redlock_password = getpass.getpass("Enter RedLock password for {}: ".format(REDLOCK_USER_NAME))
 
# login to RedLock API
redlock_api_payload_login = {
  'username': REDLOCK_USER_NAME,
  'customerName': REDLOCK_CUSTOMER_NAME,
  'password': redlock_password
}
 
request_url = '{}/login'.format(REDLOCK_API_URL)
response = requests.request("POST", request_url, data=json.dumps(redlock_api_payload_login), headers=redlock_api_headers)
 
redlock_api_headers['x-redlock-auth'] = json.loads(response.text)['token']
L1 Bithead

Re: Mandatory Request Headers for Redlock API - x-redlock-auth

A similar alternative to the above:

 

import requests
import json

def login()
    header = {'Content-Type':'application/json'}
    payload = {'username':'redlock_user','password':'redlock_pw','customerName':'customer_name'}
    API = 'https://api.redlock.io'

    response = requests.request('POST', '{}/login'.format(API), json=payload, headers=header)

    json_response = response.json()

    return json_response['token']

JWT_TOKEN = login()

REQ_HEADER = {'Content-Type':'application/json','x-redlock-auth':JWT_TOKEN}

# Example data pull
response = requests.request('GET', '{}/cloud'.format(API), headers=REQ_HEADER)

cloud_accounts = json.loads(response.text)

That small code snippet should load all cloud account instances in RedLock and save them to an array cloud_accounts.

 

Hope this helps.

L1 Bithead

Re: Mandatory Request Headers for Redlock API - x-redlock-auth

Thanks for the response. I didn't get to testing for my use case but looks to make sense with the headers definition for 'x-redlock-auth' being passed to reqests. Will mark as a solution when I get to testing.

L1 Bithead

Re: Mandatory Request Headers for Redlock API - x-redlock-auth

Thanks for another approach. I didn't get to testing for my use case but looks to make sense with the headers definition for 'x-redlock-auth' being passed to reqests. Will mark as a solution when I get to testing.

L1 Bithead

Re: Mandatory Request Headers for Redlock API - x-redlock-auth

Hi JBox- Thanks again, this helped for sure and I liked the function so it can be used later in the script. Couple notes for others on what I did to get it to work for me. First the API variable didn't carry over outside the user defined function on my system so I just defined another variable outside that block to get it to go for me and called that in the requests function call. Second, I think the def login() in the example needed a : after the definition of the user function. It looked like, login(): and that worked on my system. It's probably a janky way to do it but again, I'm not great at this. Either way thanks for for helping with that definition of the x-redlock-auth JWT handling!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!