On 07/13/2013 02:53 PM, Darren Spruell wrote: > Hi, > > Haven't found anything in searching for references, but I was wondering > if RT currently has support for user authentication in the REST API > using API keys/tokens. If not, is this something that has been discussed > for future support? > > We maintain an RT setup where we authenticate via a corporate LDAP (via > ExternalAuth) and users authenticate to RT using their corp credentials. > We'd like to do some utility scripting against the API and would be far > more comfortable using a key/token that is useful only for the purposes > of interfacing with RT. This would prevent unintentional unsafe handling > of some users' credentials that might want to hardcode them in > scripts/tools. Also an API key can somewhat simplify the process of > interacting over sessions of multiple requests, replacing auth exchange > and cookie stashing with a more stateless mechanism.
ExternalAuth falls back to RT's internal database, so you can add a user/password used only for scripting and remote control purposes to the internal user database. If you want to masquerade as a given user for automation purposes that won't work so well, though. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
