REST API Authentication with SSO

Not Yet Reviewed

Hello all,

We have SSO enabled for our xMatters Web UI login, and I'm trying to use the REST API to authenticate to xMatters but it keeps giving me a 401 Unauthorized error. I have tried Basic Authentication and also API Key authentication with no luck. And I didn't find any reference to Single Sign On in the xMatters REST API documentation.

Is there anything I need to change in my REST API Authentication attempt if we have SSO enabled? My sample Python code is below, which is taken directly from the REST API documentation for returning all Groups, and this code is returning the 401 Unauthorized error. I am able to login to the Web UI with those same credentials and can view groups in the Groups section so it seems I should have the proper permissions.

import requests
from requests.auth import HTTPBasicAuth
import json

base_URL = "https://costco.test.xmatters.com/api/xm/1"

endpoint_URL = "/groups"

url = base_URL + endpoint_URL + "?offset=0&limit=2"

auth = HTTPBasicAuth("johndoe", "ps$$w0rd")

response = requests.get(url, auth=auth)

 

0

Comments

3 comments
Date Votes

Please sign in to leave a comment.

  • You have to set the "Web / App" password for the user and add the "ByPass SSO" role (iirc). If using OAuth, you can remove the ByPass SSO role once a refresh token is obtained (and use that going forward to obtain new access tokens).

    0
  • Hi Kent, 

    We've had a look at the Python code you provided. To get it to work , generate an API Key and secret in the web User Interface using the following instructions:  https://help.xmatters.com/ondemand/#cshid=APIKeyCredentials

    Once you have the API Key and secret, use the API Key as your username, and the secret as the password in your code. Your new code snippet will look like this:

    import requests
    from requests.auth import HTTPBasicAuth
    import json
    
    base_URL = "https://costco.test.xmatters.com/api/xm/1"
    
    endpoint_URL = "/groups"
    
    url = base_URL + endpoint_URL + "?offset=0&limit=2"
    
    key = "<generated_x-api-key>"
    secret = "<secret>"
    auth = HTTPBasicAuth(key, secret)
    response = requests.get(url, auth=auth)

    If you still encounter authentication issues making API calls, please contact our Support team who would be happy to help you. 

    0
  • Hello, adding the auth key/secret into the HTTP Basic Auth was the solution for me! Thank you!

    0

Didn't find what you were looking for?

New post