From 26bb9338870474437610328787239785a7ab296a Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 23 Oct 2023 15:43:12 -0700 Subject: [PATCH] docs: backported API docs (#1695) --- docs/api-content/api-docs/1-introduction.md | 30 ++- docs/api-content/api-docs/2-samples.mdx | 141 ++++++----- .../api-docs/3-postman-collection.md | 2 +- .../certificate-management.md | 2 +- .../maas/install-manage-maas-pcg.md | 2 +- .../clusters/data-center/openstack.md | 2 +- .../clusters/data-center/vmware.md | 2 +- .../edgeforge-workflow/build-artifacts.md | 2 +- .../build-content-bundle.md | 2 +- .../devx/manage-dev-engine/sso.md | 2 +- .../palette-cli/install-palette-cli.md | 2 +- .../product-architecture.md | 2 +- .../tenant-settings/api-key-management.md | 48 ++++ .../authentication/_category_.json | 3 + .../authentication/api-key/_category_.json | 3 + .../authentication/api-key/api-key.md | 25 ++ .../authentication/api-key/create-api-key.md | 152 ++++++++++++ .../authentication/api-key/delete-api-key.md | 108 ++++++++ .../authentication/api-key/modify-api-key.md | 133 ++++++++++ .../authentication/api-key/revoke-api-key.md | 231 ++++++++++++++++++ .../authentication.md} | 67 ++--- .../authentication/authorization-token.md | 77 ++++++ .../authentication/ui-autentication.md | 34 +++ 23 files changed, 939 insertions(+), 133 deletions(-) create mode 100644 docs/docs-content/tenant-settings/api-key-management.md create mode 100644 docs/docs-content/user-management/authentication/_category_.json create mode 100644 docs/docs-content/user-management/authentication/api-key/_category_.json create mode 100644 docs/docs-content/user-management/authentication/api-key/api-key.md create mode 100644 docs/docs-content/user-management/authentication/api-key/create-api-key.md create mode 100644 docs/docs-content/user-management/authentication/api-key/delete-api-key.md create mode 100644 docs/docs-content/user-management/authentication/api-key/modify-api-key.md create mode 100644 docs/docs-content/user-management/authentication/api-key/revoke-api-key.md rename docs/docs-content/user-management/{user-authentication.md => authentication/authentication.md} (58%) create mode 100644 docs/docs-content/user-management/authentication/authorization-token.md create mode 100644 docs/docs-content/user-management/authentication/ui-autentication.md diff --git a/docs/api-content/api-docs/1-introduction.md b/docs/api-content/api-docs/1-introduction.md index 51762f858c..7845f5dfb2 100644 --- a/docs/api-content/api-docs/1-introduction.md +++ b/docs/api-content/api-docs/1-introduction.md @@ -16,19 +16,29 @@ Palette offers a range of capabilities you can access through the REST APIs. The Every API's URI has the prefix of the version and the Palette resource, such as: `v1/spectroclusters/...` ## Authentication -Palette supports two types of user authentication methods: +Palette supports two types of API authentication methods that can be used to authenticate API requests: -### Using Authorization Token - * All requests must be authenticated with an API token that is passed using the HTTP request header `Authorization`. - * Activated users can use the `/auth/authenticate` API to authenticate and obtain the Authorization token. - * Every authorization token is valid for 15 min. - * To refresh the token use [this GET call](https://docs.spectrocloud.com/api/v1/auth/): `GET /v1/auth/refresh/{token}` +- [Authorization Token](#using-authorization-token) + +- [API Key](#using-the-api-key) + +### Authorization Token + +You can acquire authorization tokens from Palette that have a 15-minute lifetime. The authorization token is passed as part of the HTTP request header. You can use the authorization token to authenticate and authorize the request. The header name is `Authorization`, and the token is the header value. Refer to the [Authorization Token](/user-management/authentication/authorization-token) section to learn more about the authorization token. -### Using the API Key +### API Key + +You can use API keys to authenticate with the Palette API. API keys allow you to interact with Palette APIs without requiring user credentials such as username and password. The API key must be present in each API request to authenticate and authorize the request. The API Key is passed as part of the HTTP request header. The header name is `apiKey`, and the API key is the header value. + +The following example shows how to pass the API key in the HTTP request header: + +```shell hideClipboard +curl --location "https://api.spectrocloud.com/v1/spectroclusters/123456789?ProjectUid=12345678" \ + --header 'Accept: application/json' \ + --header "apiKey: 123456789" +``` -Palette uses API keys to provide secure API authentication and authorization. This enables the usage of Palette APIs without requiring user credentials such as username and password. The API key must be present in individual API requests in order to authenticate and authorize the request. The API Key is passed as part of the HTTP request header and in the following format: - * Key: ApiKey - * Value: API key copied from the Palette Console. E.g. QMOI1ZVKVIoW6LM6uXqSWFPsjmt0juvl +Refer to the [API Key](/user-management/authentication/api-key) section to learn how to create and manage API keys. ## Requests diff --git a/docs/api-content/api-docs/2-samples.mdx b/docs/api-content/api-docs/2-samples.mdx index 1496f475d6..6823932316 100644 --- a/docs/api-content/api-docs/2-samples.mdx +++ b/docs/api-content/api-docs/2-samples.mdx @@ -32,8 +32,7 @@ Check out the [Palette Postman collection](/api/postman-collection) resource to - You must have a Spectro Cloud account. If you do not have an account, you can create one at [https://console.spectrocloud.com](https://console.spectrocloud.com). -- An Authentication header with a token value or an API Key with an ApiKey value. - Learn more about authentication credentials by reviewing the [authentication methods](https://docs.spectrocloud.com/user-management/user-authentication) resource. +- An Authentication header with a token value or an API key. Learn more about authentication credentials by reviewing the [authentication methods](/user-management/authentication/api-key) resource. - The respective language runtime and package manager installed on your machine. @@ -60,7 +59,7 @@ Some of the endpoints require a cluster ID. :::info -If you do not provide the ProjectUid header, then the assumed scope is of the tenant. +If you do not provide the projectUid header, then the assumed scope is of the tenant. ::: @@ -94,10 +93,10 @@ export PAYLOAD='{ ```shell -curl --location 'https://api.spectrocloud.com/v1/spectroclusters/$PROVIDER?ProjectUid=$PROJECT_ID"' \ +curl --location 'https://api.spectrocloud.com/v1/spectroclusters/$PROVIDER?projectUid=$PROJECT_ID"' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ - --header "ApiKey: $API_KEY" + --header "apiKey: $API_KEY" --data "$PAYLOAD" ``` @@ -111,7 +110,7 @@ const projectID = process.env.PROJECT_ID; const provider = process.env.PROVIDER; // Or specify the provider directly such as "aws", "aks", "openstack" // Build the request URL -const url = `https://api.spectrocloud.com/v1/spectroclusters/${provider}?ProjectUid=${projectID}`; +const url = `https://api.spectrocloud.com/v1/spectroclusters/${provider}?projectUid=${projectID}`; // Define data payload for the request const data = { @@ -129,7 +128,7 @@ const data = { const headers = new Headers({ "Content-Type": "application/json", Accept: "application/json", - ApiKey: apiKey, + apiKey: apiKey, }); // Define async function to send POST request @@ -172,7 +171,7 @@ func main() { projectID := os.Getenv("PROJECT_ID") provider := os.Getenv("PROVIDER") - url := fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?ProjectUid=%s", provider, projectID) + url := fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?projectUid=%s", provider, projectID) data := map[string]interface{}{ @@ -196,7 +195,7 @@ func main() { headers := http.Header{} headers.Set("Content-Type", "application/json") headers.Set("Accept", "application/json") - headers.Set("ApiKey", apiKey) + headers.Set("apiKey", apiKey) // Send POST request with data payload resp, err := http.Post(url, "application/json", bytes.NewBuffer(jsonData)) @@ -232,7 +231,7 @@ def send_request(): provider = os.environ['PROVIDER'] # Or specify the provider directly such as "aws", "aks", "openstack" # Build the request URL - url = f"https://api.spectrocloud.com/v1/spectroclusters/{provider}?ProjectUid={projectID}" + url = f"https://api.spectrocloud.com/v1/spectroclusters/{provider}?projectUid={projectID}" # Define data payload for the request data = { @@ -250,7 +249,7 @@ def send_request(): headers = { "Content-Type": "application/json", "Accept": "application/json", - "ApiKey": apiKey + "apiKey": apiKey } try: @@ -302,7 +301,7 @@ async fn main() -> Result<(), Box> { let provider = env::var("PROVIDER")?; let url = format!( - "https://api.spectrocloud.com/v1/spectroclusters/{}?ProjectUid={}", + "https://api.spectrocloud.com/v1/spectroclusters/{}?projectUid={}", provider, project_id ); @@ -319,7 +318,7 @@ async fn main() -> Result<(), Box> { let mut headers = HeaderMap::new(); headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json")); headers.insert("Accept", HeaderValue::from_static("application/json")); - headers.insert("ApiKey", HeaderValue::from_str(&api_key)?); + headers.insert("apiKey", HeaderValue::from_str(&api_key)?); let resp = client.post(&url).headers(headers).json(&data).send().await?; let mut resp_body = String::new(); @@ -355,9 +354,9 @@ export CLUSTER_ID="Your Cluster ID" ```shell -curl -s --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?ProjectUid=$PROJECT_ID" \ +curl -s --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?projectUid=$PROJECT_ID" \ --header 'Accept: application/json' \ - --header "ApiKey: $API_KEY" \ + --header "apiKey: $API_KEY" \ | jq -r '.status' ``` @@ -370,10 +369,10 @@ const apiKey = process.env.API_KEY; const projectID = process.env.PROJECT_ID; const clusterID = process.env.CLUSTER_ID; -const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?ProjectUid=${projectID}`; +const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?projectUid=${projectID}`; const headers = { Accept: "application/json", - ApiKey: apiKey, + apiKey: apiKey, }; try { @@ -406,7 +405,7 @@ func main() { projectID := os.Getenv("PROJECT_ID") apiKey := os.Getenv("API_KEY") - url := fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?ProjectUid=%s", clusterID, projectID) + url := fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?projectUid=%s", clusterID, projectID) req, err := http.NewRequest("GET", url, nil) if err != nil { fmt.Println("Error creating request:", err) @@ -414,7 +413,7 @@ func main() { } req.Header.Add("Accept", "application/json") - req.Header.Add("ApiKey", apiKey) + req.Header.Add("apiKey", apiKey) client := &http.Client{} resp, err := client.Do(req) @@ -463,12 +462,12 @@ def get_cluster_status(): clusterID = os.environ['CLUSTER_ID'] # Build the request URL - url = f"https://api.spectrocloud.com/v1/spectroclusters/{clusterID}?ProjectUid={projectID}" + url = f"https://api.spectrocloud.com/v1/spectroclusters/{clusterID}?projectUid={projectID}" # Define headers for the request headers = { 'Accept': 'application/json', - 'ApiKey': apiKey, + 'apiKey': apiKey, } try: @@ -505,13 +504,13 @@ async fn main() -> Result<(), Box> { let api_key = env::var("API_KEY").unwrap(); let url = format!( - "https://api.spectrocloud.com/v1/spectroclusters/{}?ProjectUid={}", + "https://api.spectrocloud.com/v1/spectroclusters/{}?projectUid={}", cluster_id, project_id ); let mut headers = HeaderMap::new(); headers.insert(ACCEPT, HeaderValue::from_static("application/json")); - headers.insert("ApiKey", HeaderValue::from_str(&api_key)?); + headers.insert("apiKey", HeaderValue::from_str(&api_key)?); let client = reqwest::Client::new(); let resp = client.get(&url).headers(headers).send().await?; @@ -550,9 +549,9 @@ export CLUSTER_ID="Your Cluster ID" ```shell -curl --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?ProjectUid=$PROJECT_ID" \ +curl --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?projectUid=$PROJECT_ID" \ --header 'Accept: application/json' \ - --header "ApiKey: $API_KEY" + --header "apiKey: $API_KEY" ``` @@ -566,12 +565,12 @@ const projectID = process.env.PROJECT_ID; const clusterID = process.env.CLUSTER_ID; // Build the request URL -const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?ProjectUid=${projectID}`; +const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?projectUid=${projectID}`; // Define headers for the request const headers = new Headers({ Accept: "application/json", - ApiKey: apiKey, + apiKey: apiKey, }); // Define an async function to send the HTTP request @@ -614,7 +613,7 @@ func main() { clusterID := os.Getenv("CLUSTER_ID") // Create a new HTTP request - req, err := http.NewRequest("GET", fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?ProjectUid=%s", clusterID, projectID), nil) + req, err := http.NewRequest("GET", fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?projectUid=%s", clusterID, projectID), nil) if err != nil { fmt.Println("Error creating HTTP request:", err) return @@ -622,7 +621,7 @@ func main() { // Add headers to the request req.Header.Add("Accept", "application/json") - req.Header.Add("ApiKey", apiKey) + req.Header.Add("apiKey", apiKey) // Send the HTTP request client := http.Client{} @@ -662,12 +661,12 @@ def get_cluster_info(): cluster_id = os.environ.get("CLUSTER_ID") # Build the request URL - url = f"https://api.spectrocloud.com/v1/spectroclusters/{cluster_id}?ProjectUid={project_id}" + url = f"https://api.spectrocloud.com/v1/spectroclusters/{cluster_id}?projectUid={project_id}" # Define headers for the request headers = { "Accept": "application/json", - "ApiKey": api_key + "apiKey": api_key } # Send the HTTP request using the requests library @@ -706,7 +705,7 @@ async fn main() -> Result<(), reqwest::Error> { let cluster_id = env::var("CLUSTER_ID").unwrap(); // Build the request URL - let url = format!("https://api.spectrocloud.com/v1/spectroclusters/{}?ProjectUid={}", cluster_id, project_id); + let url = format!("https://api.spectrocloud.com/v1/spectroclusters/{}?projectUid={}", cluster_id, project_id); // Define headers for the request let mut headers = HeaderMap::new(); @@ -750,9 +749,9 @@ The values are found in the `spec.cloudConfigRef` field of the cluster object. Y ```shell -curl -s --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?ProjectUid=$PROJECT_ID" \ +curl -s --location "https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID?projectUid=$PROJECT_ID" \ --header 'Accept: application/json' \ - --header "ApiKey: $API_KEY" \ + --header "apiKey: $API_KEY" \ | jq -r '.spec.cloudConfigRef | "\(.kind) \(.uid)"' ``` @@ -767,12 +766,12 @@ const projectID = process.env.PROJECT_ID; const clusterID = process.env.CLUSTER_ID; // Build the request URL -const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?ProjectUid=${projectID}`; +const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}?projectUid=${projectID}`; // Define headers for the request const headers = new Headers({ Accept: "application/json", - ApiKey: apiKey, + apiKey: apiKey, }); // Define an async function to send the HTTP request @@ -835,7 +834,7 @@ func main() { clusterID := os.Getenv("CLUSTER_ID") // Create a new HTTP request - req, err := http.NewRequest("GET", fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?ProjectUid=%s", clusterID, projectID), nil) + req, err := http.NewRequest("GET", fmt.Sprintf("https://api.spectrocloud.com/v1/spectroclusters/%s?projectUid=%s", clusterID, projectID), nil) if err != nil { fmt.Println("Error creating HTTP request:", err) return @@ -843,7 +842,7 @@ func main() { // Add headers to the request req.Header.Add("Accept", "application/json") - req.Header.Add("ApiKey", apiKey) + req.Header.Add("apiKey", apiKey) // Send the HTTP request client := http.Client{} @@ -888,12 +887,12 @@ project_id = os.environ.get("PROJECT_ID") cluster_id = os.environ.get("CLUSTER_ID") # Build the request URL -url = f"https://api.spectrocloud.com/v1/spectroclusters/{cluster_id}?ProjectUid={project_id}" +url = f"https://api.spectrocloud.com/v1/spectroclusters/{cluster_id}?projectUid={project_id}" # Define headers for the request headers = { "Accept": "application/json", - "ApiKey": api_key + "apiKey": api_key } # Send the HTTP request using the requests library @@ -949,7 +948,7 @@ async fn main() -> Result<(), reqwest::Error> { let cluster_id = env::var("CLUSTER_ID").unwrap(); // Build the request URL - let url = format!("https://api.spectrocloud.com/v1/spectroclusters/{}?ProjectUid={}", cluster_id, project_id); + let url = format!("https://api.spectrocloud.com/v1/spectroclusters/{}?projectUid={}", cluster_id, project_id); // Define headers for the request let mut headers = HeaderMap::new(); @@ -1009,8 +1008,8 @@ export CLUSTER_ID="Your Cluster ID" curl --location "https://api.spectrocloud.com/v1/dashboard/spectroclusters/$CLUSTER_ID/workloads" \ --header "Content-Type: application/json" \ --header "Accept: application/json" \ - --header "ProjectUid: $PROJECT_ID" \ - --header "ApiKey: $API_KEY" \ + --header "projectUid: $PROJECT_ID" \ + --header "apiKey: $API_KEY" \ --data '{ "filter": { "namespaces": ["default", "myOtherNamespace"] @@ -1034,8 +1033,8 @@ const options = { headers: { "Content-Type": "application/json", Accept: "application/json", - ProjectUid: PROJECT_ID, - ApiKey: API_KEY, + projectUid: PROJECT_ID, + apiKey: API_KEY, }, body: JSON.stringify({ filter: { @@ -1099,8 +1098,8 @@ func main() { request.Header.Set("Content-Type", "application/json") request.Header.Set("Accept", "application/json") - request.Header.Set("ProjectUid", projectID) - request.Header.Set("ApiKey", apiKey) + request.Header.Set("projectUid", projectID) + request.Header.Set("apiKey", apiKey) client := &http.Client{} @@ -1149,8 +1148,8 @@ def main(): headers = { "Content-Type": "application/json", "Accept": "application/json", - "ProjectUid": project_id, - "ApiKey": api_key + "projectUid": project_id, + "apiKey": api_key } response = requests.post(url, json=request_body, headers=headers) @@ -1217,8 +1216,8 @@ async fn main() -> Result<(), Box> { let mut headers = HeaderMap::new(); headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json")); headers.insert(ACCEPT, HeaderValue::from_static("application/json")); - headers.insert("ProjectUid", HeaderValue::from_str(&project_id)?); - headers.insert("ApiKey", HeaderValue::from_str(&api_key)?); + headers.insert("projectUid", HeaderValue::from_str(&project_id)?); + headers.insert("apiKey", HeaderValue::from_str(&api_key)?); let client = reqwest::Client::new(); let response = client @@ -1266,8 +1265,8 @@ In the following example, a filter for the tags `dev` and `team:bravo-2` is spec curl --location 'https://api.spectrocloud.com/v1/dashboard/spectroclusters/search?limit=20' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ - --header "ProjectUid: $PROJECT_ID" \ - --header "ApiKey: $API_KEY" \ + --header "projectUid: $PROJECT_ID" \ + --header "apiKey: $API_KEY" \ --data '{ "filter": { "conjunction": "and", @@ -1311,8 +1310,8 @@ async function searchSpectroclusters() { const headers = { "Content-Type": "application/json", Accept: "application/json", - ProjectUid: process.env.PROJECT_UID, - ApiKey: process.env.API_KEY, + projectUid: process.env.PROJECT_UID, + apiKey: process.env.API_KEY, }; const body = JSON.stringify({ filter: { @@ -1437,8 +1436,8 @@ func main() { req.Header.Set("Content-Type", "application/json") req.Header.Set("Accept", "application/json") - req.Header.Set("ProjectUid", os.Getenv("PROJECT_UID")) - req.Header.Set("ApiKey", os.Getenv("API_KEY")) + req.Header.Set("projectUid", os.Getenv("PROJECT_UID")) + req.Header.Set("apiKey", os.Getenv("API_KEY")) client := &http.Client{} resp, err := client.Do(req) @@ -1504,8 +1503,8 @@ filter = { headers = { 'Content-Type': 'application/json', 'Accept': 'application/json', - 'ProjectUid': os.getenv('PROJECT_UID'), - 'ApiKey': os.getenv('API_KEY') + 'projectUid': os.getenv('PROJECT_UID'), + 'apiKey': os.getenv('API_KEY') } response = requests.post(url, headers=headers, json=filter) @@ -1596,11 +1595,11 @@ async fn main() -> Result<(), Box> { ); headers.insert("Accept", HeaderValue::from_static("application/json")); headers.insert( - "ProjectUid", + "projectUid", HeaderValue::from_str(&env::var("PROJECT_UID").unwrap()).unwrap(), ); headers.insert( - "ApiKey", + "apiKey", HeaderValue::from_str(&env::var("API_KEY").unwrap()).unwrap(), ); headers @@ -1647,8 +1646,8 @@ export CLUSTER_ID="Your Cluster ID" ```shell curl --location 'https://api.spectrocloud.com/v1/spectroclusters/$CLUSTER_ID/assets/kubeconfig' \ --header 'Accept: application/octet-stream' \ - --header 'ProjectUid: $PROJECT_ID' \ - --header 'ApiKey: $API_KEY' + --header 'projectUid: $PROJECT_ID' \ + --header 'apiKey: $API_KEY' ``` @@ -1663,8 +1662,8 @@ const clusterID = process.env.CLUSTER_ID; const url = `https://api.spectrocloud.com/v1/spectroclusters/${clusterID}/assets/kubeconfig?frp=true`; const headers = { Accept: "application/octet-stream", - ProjectUid: projectID, - ApiKey: apiKey, + projectUid: projectID, + apiKey: apiKey, }; try { @@ -1708,8 +1707,8 @@ func main() { // Set headers for the request req.Header.Set("Accept", "application/octet-stream") - req.Header.Set("ProjectUid", projectID) - req.Header.Set("ApiKey", apiKey) + req.Header.Set("projectUid", projectID) + req.Header.Set("apiKey", apiKey) // Send the HTTP request client := &http.Client{} @@ -1756,8 +1755,8 @@ def main(): # Define headers for the request headers = { "Accept": "application/octet-stream", - "ProjectUid": project_id, - "ApiKey": api_key + "projectUid": project_id, + "apiKey": api_key } try: @@ -1797,8 +1796,8 @@ async fn main() -> Result<(), reqwest::Error> { // Define headers for the request let mut headers = HeaderMap::new(); headers.insert("Accept", HeaderValue::from_static("application/octet-stream")); - headers.insert("ProjectUid", HeaderValue::from_str(&project_id).unwrap()); - headers.insert("ApiKey", HeaderValue::from_str(&api_key).unwrap()); + headers.insert("projectUid", HeaderValue::from_str(&project_id).unwrap()); + headers.insert("apiKey", HeaderValue::from_str(&api_key).unwrap()); // Send the HTTP request using the reqwest library let response = reqwest::Client::new() diff --git a/docs/api-content/api-docs/3-postman-collection.md b/docs/api-content/api-docs/3-postman-collection.md index f38d74c020..1b5f9cc284 100644 --- a/docs/api-content/api-docs/3-postman-collection.md +++ b/docs/api-content/api-docs/3-postman-collection.md @@ -31,7 +31,7 @@ Two forms of authentication are available to interact with the Spectro Cloud API or * An API Key with an ApiKey value. -Learn more about [authentication methods](https://docs.spectrocloud.com/user-management/user-authentication) in Palette documentation. +Learn more about [authentication methods](/user-management/authentication/api-key) in Palette documentation. ## Import the Postman Collection diff --git a/docs/docs-content/clusters/cluster-management/certificate-management.md b/docs/docs-content/clusters/cluster-management/certificate-management.md index 807c4f5814..9d89719ca6 100644 --- a/docs/docs-content/clusters/cluster-management/certificate-management.md +++ b/docs/docs-content/clusters/cluster-management/certificate-management.md @@ -129,7 +129,7 @@ Use the following steps to update the cluster PKI certificates through the Palet ### Prerequisites -- A Palette API key. You can learn how to create a Palette API key by reviewing the [API Key](../../user-management/user-authentication.md) documentation. +- A Palette API key. You can learn how to create a Palette API key by reviewing the [API Key](../../user-management/authentication/authentication.md) documentation. - A deployed host cluster. diff --git a/docs/docs-content/clusters/data-center/maas/install-manage-maas-pcg.md b/docs/docs-content/clusters/data-center/maas/install-manage-maas-pcg.md index d342969b22..fa4f67d495 100644 --- a/docs/docs-content/clusters/data-center/maas/install-manage-maas-pcg.md +++ b/docs/docs-content/clusters/data-center/maas/install-manage-maas-pcg.md @@ -59,7 +59,7 @@ Use the following steps to install a PCG cluster in your MAAS environment. You c - Download the Palette CLI from the [Downloads](../../../spectro-downloads.md#palette-cli) page and install the CLI. Refer to the [Palette CLI Install](../../../palette-cli/install-palette-cli.md) guide to learn more. -- A Palette API key. Refer to the [Create API Key](../../../user-management/user-authentication.md#apikey) page for guidance. +- A Palette API key. Refer to the [Create API Key](../../../user-management/authentication/api-key/create-api-key.md) page for guidance. :::caution diff --git a/docs/docs-content/clusters/data-center/openstack.md b/docs/docs-content/clusters/data-center/openstack.md index 39c98535dc..0f381537b7 100644 --- a/docs/docs-content/clusters/data-center/openstack.md +++ b/docs/docs-content/clusters/data-center/openstack.md @@ -375,7 +375,7 @@ The following system prerequisites are required to install an OpenStack PCG. - Palette version 4.0.X or greater. -- A Palette API key. Refer to the [Create API Key](../../user-management/user-authentication.md#api-key) page for guidance. +- A Palette API key. Refer to the [Create API Key](../../user-management/authentication//api-key/create-api-key.md) page for guidance. - Download the Palette CLI from the [Downloads](../../spectro-downloads.md#palette-cli) page and install the CLI. Refer to the [Palette CLI Install](../../palette-cli/install-palette-cli.md) guide to learn more. diff --git a/docs/docs-content/clusters/data-center/vmware.md b/docs/docs-content/clusters/data-center/vmware.md index 7cbaae76b0..be172ee2fe 100644 --- a/docs/docs-content/clusters/data-center/vmware.md +++ b/docs/docs-content/clusters/data-center/vmware.md @@ -613,7 +613,7 @@ You can use two different PCG installation methods for VMware vSphere. You can u - Palette version 4.0.X or greater. -- A Palette API key. Refer to the [Create API Key](../../user-management/user-authentication.md#api-key) page for guidance. +- A Palette API key. Refer to the [Create API Key](../../user-management/authentication/api-key/create-api-key.md) page for guidance. - Download the Palette CLI from the [Downloads](../../spectro-downloads.md#palette-cli) page and install the CLI. Refer to the [Palette CLI Install](../../palette-cli/install-palette-cli.md) guide to learn more. diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/build-artifacts.md b/docs/docs-content/clusters/edge/edgeforge-workflow/build-artifacts.md index 93ee864cf3..c87d36d36d 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/build-artifacts.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/build-artifacts.md @@ -57,7 +57,7 @@ To complete this guide, you will need the following items: * You must have completed the [Build Edge Artifacts](palette-canvos.md) guide to build the provider images and create a cluster profile referencing one of the provider images. -* A Spectro Cloud API key. Later in this guide, you will use this API key to authenticate the Palette Edge CLI utility and allow it to interact with Palette. Refer to the [User Authentication](../../../user-management/user-authentication.md/#api-key) guide to create a new API key. +* A Spectro Cloud API key. Later in this guide, you will use this API key to authenticate the Palette Edge CLI utility and allow it to interact with Palette. Refer to the [User Authentication](../../../user-management/authentication/api-key/create-api-key.md) guide to create a new API key. ## Instructions diff --git a/docs/docs-content/clusters/edge/edgeforge-workflow/build-content-bundle.md b/docs/docs-content/clusters/edge/edgeforge-workflow/build-content-bundle.md index 471dee893b..c8eb8361d6 100644 --- a/docs/docs-content/clusters/edge/edgeforge-workflow/build-content-bundle.md +++ b/docs/docs-content/clusters/edge/edgeforge-workflow/build-content-bundle.md @@ -40,7 +40,7 @@ Creating a content bundle provides several benefits that may address common use - Linux Machine (Physical or VM) with an AMD64 architecture. -- Palette API key. Refer to the [User Authentication](../../../user-management/user-authentication.md/#api-key) resource to learn how to create a Palette API key. +- Palette API key. Refer to the [User Authentication](../../../user-management/authentication/api-key/create-api-key.md) resource to learn how to create a Palette API key. - An Edge Native cluster profile. Refer to [Create Edge Native Cluster Profile](../site-deployment/model-profile.md) guide to learn how to create an Edge Native cluster profile. You may also have other add-on profiles that you wish to attach to your cluster. diff --git a/docs/docs-content/devx/manage-dev-engine/sso.md b/docs/docs-content/devx/manage-dev-engine/sso.md index 38407a216b..dd7cf255ce 100644 --- a/docs/docs-content/devx/manage-dev-engine/sso.md +++ b/docs/docs-content/devx/manage-dev-engine/sso.md @@ -18,7 +18,7 @@ To enable SSO with third-party Social Sign-In Providers use the following steps. :::info -To learn more about the Sign-In Flow, refer to the [User Authentication](../../user-management/user-authentication.md#sign-in-flow) documentation. +To learn more about the Sign-In Flow, refer to the [User Authentication](../../user-management/authentication/ui-autentication.md) documentation. ::: diff --git a/docs/docs-content/palette-cli/install-palette-cli.md b/docs/docs-content/palette-cli/install-palette-cli.md index 6cf7f11e66..4b316f06a5 100644 --- a/docs/docs-content/palette-cli/install-palette-cli.md +++ b/docs/docs-content/palette-cli/install-palette-cli.md @@ -21,7 +21,7 @@ Use the following steps to install and set up the Palette CLI. - A Palette account. Click [here](https://console.spectrocloud.com/) to create a Palette account. -- A Palette API key. Refer to the [API Key](../user-management/user-authentication.md#api-key) reference page to learn how to create an API key. +- A Palette API key. Refer to the [Create API Key](../user-management/authentication/api-key/create-api-key.md) reference page to learn how to create an API key. diff --git a/docs/docs-content/security/product-architecture/product-architecture.md b/docs/docs-content/security/product-architecture/product-architecture.md index 17cb71d158..e975e6a5a5 100644 --- a/docs/docs-content/security/product-architecture/product-architecture.md +++ b/docs/docs-content/security/product-architecture/product-architecture.md @@ -86,4 +86,4 @@ Palette has a common API gateway validation service that ensures there are no in You can use the gateway validation service log to trace APIs with a unique ID, Tenant UID, or Session UID. To avoid revealing unnecessary information, all UIDs are 48-bit random hex strings. -Refer to the [API Key Authentication](../../user-management/user-authentication.md#api-key) guide for details. +Refer to the [API Key Authentication](../../user-management/authentication/api-key/api-key.md) guide for details. diff --git a/docs/docs-content/tenant-settings/api-key-management.md b/docs/docs-content/tenant-settings/api-key-management.md new file mode 100644 index 0000000000..95eceb415b --- /dev/null +++ b/docs/docs-content/tenant-settings/api-key-management.md @@ -0,0 +1,48 @@ +--- +sidebar_label: "API Key Management" +title: "API Key Management" +description: "Learn how to set a login banner for your Palette tenant." +icon: "" +hide_table_of_contents: false +sidebar_position: 0 +tags: ["tenant-administration", "authentication", "api-key"] +--- + +You can manage API keys for your Palette tenant. API keys are used to authenticate API requests to Palette. You can create, edit, revoke, and delete API keys for your tenant. + +Unlike regular user accounts, tenant administrators can view all API keys created for the tenant. Non-tenant users are limited to actions for their own API keys. + + +The following table describes the API key management tasks you can perform as a tenant administrator, and how they differ from non-tenant users. + +| **Action** | **Description** | **Tenant Admin** | **Non-tenant User** | +| --- | --- | --- | --- | --- | +| **List** | List all API keys in the tenant. | ✅ | ❌ | +| **Create** | Create a new API key. | ✅ | ✅ | +| **Create for User** | Create a new API key for a different user. | ✅ | ❌ | +| **Edit** | Edit an existing API key. | ✅ | ✅ | +| **Revoke** | Revoke an existing API key. | ✅ | ✅ | +| **Delete** | Delete an existing API key. | ✅ | ✅ | +| **Reassign** | Reassign an existing API key to a different user. | ❌ | ❌ | +| **View** | View the sensitive API key value. | ❌ | ❌ | + + +:::caution + +Once an API key is created, the API key value is only displayed once. You must save the API key value in a secure location, such as a password manager. If you or a user lose the API key value, a new API key must be created. + +::: + + +Use the guides listed in [Resources](#resources) section to learn more about each individual API key management task. Each guide contains a section for tenant administrators and non-tenant users. + + +## Resources + +- [Create API Key](../user-management/authentication/api-key/create-api-key.md) + +- [Edit API Key](../user-management/authentication/api-key/modify-api-key.md) + +- [Revoke API Key](../user-management/authentication/api-key/revoke-api-key.md) + +- [Delete API Key](../user-management/authentication/api-key/delete-api-key.md) \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/_category_.json b/docs/docs-content/user-management/authentication/_category_.json new file mode 100644 index 0000000000..094470741d --- /dev/null +++ b/docs/docs-content/user-management/authentication/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 10 +} diff --git a/docs/docs-content/user-management/authentication/api-key/_category_.json b/docs/docs-content/user-management/authentication/api-key/_category_.json new file mode 100644 index 0000000000..094470741d --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 10 +} diff --git a/docs/docs-content/user-management/authentication/api-key/api-key.md b/docs/docs-content/user-management/authentication/api-key/api-key.md new file mode 100644 index 0000000000..03da51dd33 --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/api-key.md @@ -0,0 +1,25 @@ +--- +sidebar_label: "API Key" +title: "API Key" +description: "Learn about API Key authentication methods in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 0 +tags: ["user-management", "authentication", "api-key"] +--- + +Palette API keys can be used to authenticate requests to the Palette REST API calls. You can use the API key to make REST API calls without providing your username and password. If you are a tenant admin, you can create API keys for yourself or other users. + +Tenant administrators have additional permissions and capabilities to manage API keys. Tenant admins can create, edit, revoke, and delete API keys for any user within the tenant. Each of these actions is described in detail in the following resources. + + + +## Resources + +- [Create API Key](create-api-key.md) + +- [Edit API Key](modify-api-key.md) + +- [Revoke API Key](revoke-api-key.md) + +- [Delete API Key](delete-api-key.md) \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/api-key/create-api-key.md b/docs/docs-content/user-management/authentication/api-key/create-api-key.md new file mode 100644 index 0000000000..3aec12dacd --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/create-api-key.md @@ -0,0 +1,152 @@ +--- +sidebar_label: "Create API Key" +title: "Create API Key" +description: "Create an API Key to authenticate API requests to Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 0 +tags: ["user-management", "authentication", "api-key"] +--- + +You can create an API key to authenticate API requests to Palette. Use the API key to make REST API calls without providing your username and password. The API keys are limited to a single tenant and user. If you are a tenant admin, you can create API keys for any user within the tenant. + +Once you create an API key, you cannot view the key again. Save the key in a secure location, such as a password manager. This restrictions applies to both the Palette User Interface and the REST API. When you create an API key, you can set an expiration date for the key. The expiration date can be further customized after the key creation. + +Tenant administrators have the ability to create an API on behalf of any user within the tenant. Select the Tenant tab below to learn more about creating an API key as a tenant admin. + + ## Prerequisites + + + + + * You must have a Palette account, and you must be logged in. + + + + + * You must have a Palette account, and you must be logged in. + + * Tenant administrator access. + + + + +## Create API Key + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + ![Image that points to the user drop-down Menu and points to the API key link](/tutorials/deploy-app/devx_apps_deploy-app_create-api-key.png) + +3. Click on **Add New API key**. + +4. Fill out the following input fields: + + | **Input Field **| **Description** | + | --- | --- | + | **API Key Name** | Assign a name to the API key. | + | **Description** | Provide a description for the API key. | + | **Expiration Date**| Select an expiration date from the available options. You can also specify a custom date by selecting **Custom**. | + +5. Click the **Generate** button. + + +6. Copy the API key and save it in a secure location, such as a password manager. + + :::caution + + Ensure you save the API key in a secure location. You will not be able to view the API key again. + ::: + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Click on **Add New API key**. + + +6. Fill out the following input fields: + + | **Input Field **| **Description** | + | --- | --- | + | **API Key Name** | Assign a name to the API key. | + | **Description** | Provide a description for the API key. | + | **User Name** | Select the user to assign the API key. | + | **Expiration Date**| Select an expiration date from the available options. You can also specify a custom date by selecting **Custom**. | + +5. Click the **Generate** button. + + +6. Copy the API key and save it in a secure location, such as a password manager. Share the API key with the user you created the API key for. + + :::caution + + Ensure you save the API key in a secure location. You will not be able to view the API key again. + ::: + + + + + + +## Validate + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + +3. Verify your API key is listed in the table. + +4. Test your API against the Palette API. Issue the command below in your terminal, replace `PLACE_YOUR_API_KEY_HERE` with your API key. + + ```shell + API_KEY=PLACE_YOUR_API_KEY_HERE + ``` + + +5. Use `curl` to send the HTTP request to the Palette API using your API key. + + ```shell + curl --location 'https://api.spectrocloud.com/v1/apiKeys' \ + --header 'Accept: application/json' \ + --header "apiKey: $API_KEY" + ``` + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Verify the API key is listed in the table with the correct user name and expiration date. + + + \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/api-key/delete-api-key.md b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md new file mode 100644 index 0000000000..58e698a8eb --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/delete-api-key.md @@ -0,0 +1,108 @@ +--- +sidebar_label: "Delete API Key" +title: "Delete API Key" +description: "Delete an existing API Key in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 50 +tags: ["user-management", "authentication", "api-key"] +--- + +You can delete an API key from Palette. A tenant admin can also delete an API key created by another user within the tenant. Use the following steps to delete an API key. + +Tenant administrators can delete an API key on behalf of any user within the tenant. Select the Tenant tab below to learn more about deleting an API key as a tenant admin. + + +## Prerequisites + + + + + * You must have a Palette account, and you must be logged in. + + * You must have an API key created. Refer to the [Create API Key](create-api-key.md) section for more information. + + + + + * You must have a Palette account, and you must be logged in. + + * Tenant administrator access. + + * An existing API key must be available. + + + + +## Delete API Key + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table, and click on the **three-dot Menu**. + + +4. Click on **Delete**. + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Identify the API key in the table you want to remove, and click on the **three-dot Menu**. + + +6. Click on **Delete**. + + + + + + +## Validate + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Verify your API key is not listed in the table. + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + +5. Verify the API key is not listed in the table. + + + \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/api-key/modify-api-key.md b/docs/docs-content/user-management/authentication/api-key/modify-api-key.md new file mode 100644 index 0000000000..2a504cdfd5 --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/modify-api-key.md @@ -0,0 +1,133 @@ +--- +sidebar_label: "Edit API Key" +title: "Edit API Key" +description: "Modify an existing API Key in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 10 +tags: ["user-management", "authentication", "api-key"] +--- + +You can edit an API key you have already created. The following attributes of an API key can be changed: + +| **Attribute** | **Description** | **Edit** | +| --- | --- | --- | +| **API Key Name** | The user assigned name of the API key. | ✅ | +| **Description** | An optional description about the key. | ✅ | +| **Expiration Date** | The expiration date of the key. | ✅ | +| **Value** | The API key value. | ❌ | + + +Tenant administrators can edit an API key on behalf of any user within the tenant. Select the Tenant tab below to learn more about editing an API key as a tenant admin. + +:::info + +Tenant administrators can only edit the API key name, description, and expiration date. The API key value and the assigned user cannot be edited. + +::: + +## Prerequisites + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + * Tenant administrator access. + + + + +## Edit API Key + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table, and click on the **three-dot Menu**. + + +4. Click on **Edit**. + +5. Make the necessary changes to the API key attributes and click **Save**. + + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Identify your API key in the table, and click on the **three-dot Menu**. + + +6. Click on **Edit**. + + +7. Make the necessary changes to the API key attributes and click **Save**. + + + + + +## Validate + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table. + + +4. Verify the changes you made to the API key attributes are reflected in the table, including API key name, description, and expiration date. + + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Identify the altered API key in the table. + + +6. Verify the changes you made to the API key attributes are reflected in the table, including the API key name, description, and expiration date. + + + \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/api-key/revoke-api-key.md b/docs/docs-content/user-management/authentication/api-key/revoke-api-key.md new file mode 100644 index 0000000000..8040982140 --- /dev/null +++ b/docs/docs-content/user-management/authentication/api-key/revoke-api-key.md @@ -0,0 +1,231 @@ +--- +sidebar_label: "Revoke API Key" +title: "Revoke API Key" +description: "Revoke an existing API Key in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 40 +tags: ["user-management", "authentication", "api-key"] +--- + +You can revoke an API key you created in Palette. A tenant admin can also revoke an API key created by another user within the tenant. A revoked API key cannot be used to authenticate API requests and requires a re-activation to be used again. + + +Tenant administrators can revoke an API key in the tenant. Select the Tenant tab below to learn more about revoking an API key as a tenant admin. + + +Use the steps outlined below for the workflow you want to perform: + +- [Revoke API Key](#revoke-api-key) + +- [Reactivate API Key](#reactivate-api-key) + + + +## Revoke API Key + +Use the following steps to revoke an API key. + + +### Prerequisites + + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + * Tenant administrator access. + + + + +### Revoke + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table, and click on the **three-dot Menu**. + + +4. Click on **Revoke**. + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Identify your API key in the table, and click on the **three-dot Menu**. + + +6. Click on **Revoke**. + + + + + +### Validate + + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table. + + +4. Verify the **Active** column in the table is set to **Inactive** for your API key. + + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Verify the **Active** column in the table is set to **Inactive** for the API key you revoked. + + + + + + +## Reactivate API Key + +Use the following steps to reactivate an API key that has been revoked. + +### Prerequisites + + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + + + + * You must have a Palette account, and you must be logged in. + + * An existing API key. + + * Tenant administrator access. + + + + +### Activate + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table, and click on the **three-dot Menu**. + + +4. Click on **Re-activate**. + + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Identify the API key in the table you want to activate, and click on the **three-dot Menu**. + + +6. Click on **Re-activate**. + + + + +### Validate + + + + +1. Log in to [Palette](https://console.spectrocloud.com). + + +2. Navigate to the **User Menu**, and select **My API Keys**. + + +3. Identify your API key in the table. + + +4. Verify the **Active** column in the table is set to **Active** for your API key. + + + + +1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. + + +2. Switch to the **Tenant Admin** scope. + + +3. Navigate to the left **Main Menu** and select **Tenant Settings**. + + +4. From the **Tenant Settings Menu**, select **API Keys**. + + +5. Verify the **Active** column in the table is set to **Active** for the API key you re-activated. + + + \ No newline at end of file diff --git a/docs/docs-content/user-management/user-authentication.md b/docs/docs-content/user-management/authentication/authentication.md similarity index 58% rename from docs/docs-content/user-management/user-authentication.md rename to docs/docs-content/user-management/authentication/authentication.md index c83a6c1449..b190fa72dd 100644 --- a/docs/docs-content/user-management/user-authentication.md +++ b/docs/docs-content/user-management/authentication/authentication.md @@ -1,62 +1,50 @@ --- sidebar_label: "User Authentication" -title: "API Key for API Authentication" -description: "Palette's API key for user authentication for API access " +title: "User Authentication" +description: "Palette supports three types of user authentication methods. User Interface (UI) authentication, API Key, and Authorization Token." icon: "" hide_table_of_contents: false sidebar_position: 0 -tags: ["user-management"] +tags: ["user-management", "authentication"] --- Palette supports three types of user authentication methods. -* [User Interface (UI)](#ui-authentication) authentication +* User Interface UI authentication -* [API Key](#api-key) +* API Key -* [Authorization Token](#authorization-token) +* Authorization Token The API key and the authorization token method can be used when interacting with Palette REST APIs for automation and programmatic purposes. ## UI Authentication -You can log into Palette by visiting the Palette at [http://console.spectrocloud.com](https://console.spectrocloud.com). If you are a user of a Palette Enterprise instance, then you should use the URL provided by your Palette system -administrator, such as `example-company.console.spectrocloud.com.` - -## Account Sign Up - -You can sign up for a Palette SaaS account by visiting [Palette](https://console.spectrocloud.com) or an Enterprise Palette account under your organization by using your organization's custom Palette URL. - -When you create an account, you can create a username and password or create the account through a third-party identity provider, GitHub, Google, or other OIDC providers that are enabled for your organization. For Palette SaaS, GitHub and Google are automatically enabled for SSO integration. - -## Sign In Flow - -Starting with Palette 3.2, the user sign-in flow can be different depending on how you created your Palette account. If you created your user with a username and password, then you may be prompted to select the organization you wish to log in to. If you are a member of a single organization, then you will not be prompted for an organization selection. +You can log into Palette SaaS platform by visiting the console URL at [http://console.spectrocloud.com](https://console.spectrocloud.com). If you are a user of a self-hosted Palette or Palette VerteX, then you should use the URL provided by your system administrator, such as `palette.abc-company.com.` -If you created an account through SSO and are a member of different organizations, then you must first select the organization name you wish to log in to. Click on the **Sign in to your organization** button for the option to specify the organization name. If you need help remembering the organization name, click on the **Forgot your organization name?** button and provide your email address to receive an email containing your organization name and its login URL. +To learn more the UI authentication, refer to the [UI Authentication](./ui-autentication.md) section. -
-:::info -If you are a Palette Enterprise user, use the custom Palette URL for an optimized login experience and avoid specifying the organization name. -Ask your Palette system administrator for the custom Palette URL. + -::: ## API Key -Palette API can also use API Keys to authenticate requests. This is the method of accessing the API without referring to the actual user. +You can use API keys to authenticate API requests. Use the API key to make REST API without having to provide your username and password. Check the [API Key](api-key/api-key.md) section for more information. -## Scope of Palette API Keys + + + ## Authorization Token -You can use authorization tokens to authenticate requests. +You can use authorization tokens to authenticate API requests. To obtain an authorization token, use the `v1/auth/authenticate` API endpoint with a POST request to authenticate and obtain the authorization token. Provide your API key as a header value or query parameter. + +To learn more about the authorization token, refer to the [Authorization Token](authorization-token.md) section. -To obtain an authorization token, use the `v1/auth/authenticate` endpoint with a POST request to authenticate and obtain the authorization token. Provide your API key as a header value or query parameter. The authorization token is valid for 15 minutes. You can refresh the token using the refresh token API. -API requests using the authroization token must use the HTTP header `Authorization` with token as the value. For example: +## Resources -```bash -TOKEN=abcd1234 -``` +- [Authorization Token](authorization-token.md) -```bash -curl --location --request GET 'https://api.spectrocloud.com/v1/projects/alert' \ ---header 'Authorization: $TOKEN' \ ---header 'Content-Type: application/json' -``` +- [API Key](api-key/api-key.md) -To refresh the authorization token, use the `v1/auth/refresh` endpoint with a GET request to refresh the authorization token. +- [UI Authentication](authentication.md) \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/authorization-token.md b/docs/docs-content/user-management/authentication/authorization-token.md new file mode 100644 index 0000000000..d8be2dddc8 --- /dev/null +++ b/docs/docs-content/user-management/authentication/authorization-token.md @@ -0,0 +1,77 @@ +--- +sidebar_label: "Authorization Token" +title: "Authorization Token" +description: "Learn about Authorization Token authentication method in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 5 +tags: ["user-management", "authentication"] +--- + +Palette exposes an API endpoint to generate an authorization token for a user. The authorization token is valid for 15 minutes. You can refresh the token using the refresh token API endpoint. + +API requests using the authorization token must use the HTTP header `Authorization` with a token as the value. + +```bash +TOKEN=abcd1234 +``` + +```bash +curl --location --request GET 'https://api.spectrocloud.com/v1/projects/alert' \ +--header 'Authorization: $TOKEN' \ +--header 'Content-Type: application/json' +``` + + +To refresh the authorization token, use the `v1/auth/refresh` endpoint with a GET request. + + +## Aquire Authorization Token + +To acquire an authorization token, use the `v1/auth` endpoint with a POST request to generate the token. Provide the email ID, organization name, and password in the request body. For example: + +```bash +curl --location 'https://api.spectrocloud.com/v1/auth/authenticate' \ +--header 'Content-Type: application/json' \ +--header 'Accept: application/json' \ +--data-raw '{ + "emailId": "YOUR_EMAIL_ID", + "org": "YOUR_ORG_NAME", + "password": "YOUR_PASSWORD" +}' +``` + +```json hideClipboard +{ + "Authorization": "eyJhbGc.........." +} +``` + +Use the authorization token in the `Authorization` header to make API requests. + + +## Refresh Authorization Token + +To refresh the authorization token, use the `v1/auth/refresh` endpoint with a GET request. Provide the refresh token as a path parameter by replacing `:token` in the URL with the refresh token. + +```bash +curl --location 'https://api.spectrocloud.com/v1/auth/refresh/:token' \ +--header 'Accept: application/json' +``` + + +The response contains the authorization token. Use the new authorization token in the `Authorization` header to make API requests. + + +The following example shows how to refresh the authorization token using the refresh token. The refresh token is abriviated for brevity. + +```bash hideClipboard +curl --location 'https://api.spectrocloud.com/v1/auth/refresh/eyJhbGc..........' \ +--header 'Accept: application/json' +``` + +```json hideClipboard +{ + "Authorization": "eyJhbGc.........." +} +``` \ No newline at end of file diff --git a/docs/docs-content/user-management/authentication/ui-autentication.md b/docs/docs-content/user-management/authentication/ui-autentication.md new file mode 100644 index 0000000000..3c93c92056 --- /dev/null +++ b/docs/docs-content/user-management/authentication/ui-autentication.md @@ -0,0 +1,34 @@ +--- +sidebar_label: "User Interface Authentication" +title: "User Authentication" +description: "Learn about User Interface authentication method in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 10 +tags: ["user-management", "authentication", "user-interface"] +--- + +You can log into Palette SaaS platform by visiting the console URL at [https://console.spectrocloud.com](https://console.spectrocloud.com). If you are a user of a self-hosted Palette or Palette VerteX, then you should use the URL provided by your system administrator, such as `palette.abc-company.com.` + +The Palette UI authentication method is the default authentication method for Palette. You can use the UI to sign up for a Palette account or sign in to an existing account. You can also use the UI to sign in to Palette using a third-party identity provider, such as GitHub or Google. + +## Account Sign Up + +You can sign up for a Palette SaaS account by visiting [Palette](https://console.spectrocloud.com) or an Enterprise Palette account under your organization by using your organization's custom Palette URL. + +When you create an account, you can create a username and password or create the account through a third-party identity provider, GitHub, Google, or other OIDC providers that are enabled for your organization. For Palette SaaS, GitHub and Google are automatically enabled for SSO integration. + +## Sign In Flow + +Starting with Palette 3.2, the user sign-in flow can be different depending on how you created your Palette account. If you created your user with a username and password, then you may be prompted to select the organization you wish to log in to. If you are a member of a single organization, then you will not be prompted for an organization selection. + +If you created an account through SSO and are a member of different organizations, then you must first select the organization name you wish to log in to. Click on the **Sign in to your organization** button for the option to specify the organization name. If you need help remembering the organization name, click on the **Forgot your organization name?** button and provide your email address to receive an email containing your organization name and its login URL. + +
+ +:::info + +If you are a Palette Enterprise user, use the custom Palette URL for an optimized login experience and avoid specifying the organization name. +Ask your Palette system administrator for the custom Palette URL. + +::: \ No newline at end of file