API Lab Guide Part 2 - API Authentication


Estimated Time: 60 minutes.

Objective

API authentication is a crucial step in the process of accessing and utilizing APIs. It ensures that only authorized users are able to access the API and perform certain actions. There are several methods for authenticating API requests, including basic authentication, OAuth and API keys. In this lab, we will explore these different methods and how they apply to the Apstra API.

The Lab Journey

In this lab we are going to look at a few API authentication basics that will set the foundations for future labs. We will cover:
  1. What API Authentication is
  2. Authentication types
    • Basic Authentication
    • Bearer Authentication
    • API Keys
  3. Apstra Specific Authentication

If you are comfortable with API authentication methods, you may wish to skip to the final section (3. Apstra Specific Authentication).

1. What is API Authentication

API authentication is the process of verifying the identity of a client trying to access the resources of an API. This is important because it allows the API to determine what actions the client is allowed to take. In this lab, we will explore some common methods of API authentication, including their benefits and drawbacks.

The Apstra UI is actually a client of the API.

Apstra treats the API as a first-class citizen, meaning that all actions available through the UI are also available through the API.

2. API Auth Types

2.1. Basic Authentication

The simplest way to handle authentication is to send the username and password with every API call. The two are joined with a colon, encoded using Base64, and sent in an HTTP header. Base64 is an encoding, not encryption, so the credentials are only protected when the call is made over HTTPS.


"admin:password123" is the plain text string
"YWRtaW46cGFzc3dvcmQxMjM=" is the Base64-encoded string

In the request, an Authorization header is created with the word Basic followed by the Base64-encoded string.


"Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM="

2.2. Bearer Authentication

Bearer Authentication, also known as token authentication, is a two-step process. In this authentication model, you, the user of an API, must first acquire a token and then use the token to authenticate & authorize your future requests. The API generates a secret key that is a long, difficult-to-guess string of numbers and letters.

[Figure: Bearer Token]

Once the server returns the API token any future requests should include an authorization header value that has the token. Unlike Basic Auth, you don’t need to encode the token itself because it’s already encoded for you by the authentication server. The header field may look like the example below.


Authorization: Bearer eyJhbGciOnR5cCI6IkpXVCJ9eyJhbGciOnR5cCI6IkpXVCJ9

2.3. API Keys

Authentication using API keys is very similar to Bearer Authentication, with one difference: the way you acquire the API key itself. Unlike tokens, API keys do not have an expiry date. Moreover, API vendors generate an API key for you.

This method creates unique keys for developers, which are passed alongside every request. The API generates a secret key that is a long, difficult-to-guess string of numbers and letters. It is typically passed in the API authorization header, the same as the bearer token above.

3. Apstra Specific Authentication

Apstra uses the bearer token method to authenticate and authorize API users. Once the token is generated, it is valid for 24 hours, and this value is not customizable.

The generation of the token is shown below. The request sent to the server contains the username and password, and the server response includes the generated API token.

Request: [Figure: Login Request]

Response: [Figure: Login Response]

4. Summary

In this lab, we explored the importance of authenticating API users, various authentication methods, and how Apstra handles API authentication. In the following labs, we will delve into using the Apstra API documentation and utilizing its capabilities.