Token…anyone seen my token

Trying to learn python and scripting has lead me to using API calls. While some things are just fun to play with like FoaaS, others can be really useful.

Generally for a call to work, you need to have an API key. Some places may give you your API key, and some places you may need to generate one.

Generating one wasn’t really the problem, for the most part I was able to use my Google-Fu and find a ton of different ways to do this. Since I’m doing this with Python I decided to use requests for the OAuth2 piece. If you don’t have it already “pip install requests” will grab it for you.

What I was playing with a simple “Hello API” and the examples they had were all using curl.

Step 1 – Get your access token
curl -s -k -H “Content-Type: application/x-www-form-urlencoded” -X POST -d “client_id=” -d “client_secret=” -d “grant_type=client_credentials”

So reading man page/googling the options I was able to find out that “curl -H” is building the header and -d is the payload/data.

The easy part converting the curl to Python:

#! /usr/bin/env python

import requests

payload = {
    'grant_type': 'client_credentials',
    'client_id': "client ID",
    'client_secret': "client secret"
}

headers={
	'content-type': "application/x-www-form-urlencoded"
}

#-----------------------------------------------------------
	#Get access Token

r=requests.post("authentication url", data=payload, headers=headers)
print(r.text)

By doing this, I was able to login and generate the my access token and print it. So now I know what my token is.

Step 2 – Make the call

curl -s -k -H “Accept: application/json” -H “Authorization: Bearer

So I have my token, but how do I use it. Again my example was using curl, and yes it worked…but I wanted to do this as a single script. Google to the rescue!!

Since the response is coming back in json, I should be able to do something with that information, but how? Requests has a built in json decoder. By adding the “r.json()” after the post, I was able to cram the response into an object.

from pprint import pprint

r=requests.post("auth url", data=payload, headers=headers)
d=r.json()

pprint(r.json())

pprint gave me:

{u’access_token’: u’token’,
u’expires_in’: 3599,
u’token_type’: u’Bearer’}

Further digging/swearing/searching/swearing and I figured out how to take that data and make it a variable:

r=requests.post("https://cloudsso.cisco.com/as/token.oauth2", data=payload, headers=headers)
d=r.json()

#pprint(r.json())
mytok=d['access_token']

Now I have my token stored as a usable variable for Step 2. It took me a bit to figure out what the header configuration needed to look like. As you see from the curl example, I needed the Authorization to be + and at first I was trying to push both the “Bearer” and “Token” as a variable, but why? For this usage the token_type will always “Bearer”.

headers={
	'accept': "application/json",
	'authorization': "Bearer " + mytok
}

h=requests.get("hello api url", headers=headers)
print(h.text)

SUCCESS!!! Once I put all the pieces together, I can call the script and it does the login, grabs the token, stores the token as a variable, then uses it for the final call.

#! /usr/bin/env python

import requests
from pprint import pprint

payload = {
    'grant_type': 'client_credentials',
    'client_id': "client ID",
    'client_secret': "client secret"
}

headers={
	'content-type': "application/x-www-form-urlencoded"
}

#-----------------------------------------------------------
	#Get access Token and store in json

r=requests.post("oauth url", data=payload, headers=headers)
d=r.json()

#pprint(r.json())
mytok=d['access_token']

#------------------------------------------------------------
	# Use json data to fill token information
headers={
	'accept': "application/json",
	'authorization': "Bearer " + mytok
}

h=requests.get("hello api url", headers=headers)
print(h.text)

{“response”:”Hello World”}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.