Token…anyone seen my token

Trying to learn python and scripting has lead me to using API calls. While some things are just fun to play with like FoaaS, others can be really useful.

Generally for a call to work, you need to have an API key. Some places may give you your API key, and some places you may need to generate one.

Generating one wasn’t really the problem, for the most part I was able to use my Google-Fu and find a ton of different ways to do this. Since I’m doing this with Python I decided to use requests for the OAuth2 piece. If you don’t have it already “pip install requests” will grab it for you.

What I was playing with a simple “Hello API” and the examples they had were all using curl.

Step 1 – Get your access token
curl -s -k -H “Content-Type: application/x-www-form-urlencoded” -X POST -d “client_id=” -d “client_secret=” -d “grant_type=client_credentials”

So reading man page/googling the options I was able to find out that “curl -H” is building the header and -d is the payload/data.

The easy part converting the curl to Python:

#! /usr/bin/env python

import requests

payload = {
    'grant_type': 'client_credentials',
    'client_id': "client ID",
    'client_secret': "client secret"
}

headers={
	'content-type': "application/x-www-form-urlencoded"
}

#-----------------------------------------------------------
	#Get access Token

r=requests.post("authentication url", data=payload, headers=headers)
print(r.text)

By doing this, I was able to login and generate the my access token and print it. So now I know what my token is.

Step 2 – Make the call

curl -s -k -H “Accept: application/json” -H “Authorization: Bearer

So I have my token, but how do I use it. Again my example was using curl, and yes it worked…but I wanted to do this as a single script. Google to the rescue!!

Since the response is coming back in json, I should be able to do something with that information, but how? Requests has a built in json decoder. By adding the “r.json()” after the post, I was able to cram the response into an object.

from pprint import pprint

r=requests.post("auth url", data=payload, headers=headers)
d=r.json()

pprint(r.json())

pprint gave me:

{u’access_token’: u’token’,
u’expires_in’: 3599,
u’token_type’: u’Bearer’}

Further digging/swearing/searching/swearing and I figured out how to take that data and make it a variable:

r=requests.post("https://cloudsso.cisco.com/as/token.oauth2", data=payload, headers=headers)
d=r.json()

#pprint(r.json())
mytok=d['access_token']

Now I have my token stored as a usable variable for Step 2. It took me a bit to figure out what the header configuration needed to look like. As you see from the curl example, I needed the Authorization to be + and at first I was trying to push both the “Bearer” and “Token” as a variable, but why? For this usage the token_type will always “Bearer”.

headers={
	'accept': "application/json",
	'authorization': "Bearer " + mytok
}

h=requests.get("hello api url", headers=headers)
print(h.text)

SUCCESS!!! Once I put all the pieces together, I can call the script and it does the login, grabs the token, stores the token as a variable, then uses it for the final call.

#! /usr/bin/env python

import requests
from pprint import pprint

payload = {
    'grant_type': 'client_credentials',
    'client_id': "client ID",
    'client_secret': "client secret"
}

headers={
	'content-type': "application/x-www-form-urlencoded"
}

#-----------------------------------------------------------
	#Get access Token and store in json

r=requests.post("oauth url", data=payload, headers=headers)
d=r.json()

#pprint(r.json())
mytok=d['access_token']

#------------------------------------------------------------
	# Use json data to fill token information
headers={
	'accept': "application/json",
	'authorization': "Bearer " + mytok
}

h=requests.get("hello api url", headers=headers)
print(h.text)

{“response”:”Hello World”}

Scripting with Multiple Machines

I’ve been trying to learn python and scripting in general. If I can make certain parts of my job easier by writing a script why not?

With that I’ve taken to doing some customization on my environment.

    Using Zsh instead of bash (pulled from Homebrew)
    oh-my-zsh (customization of zsh)
    Homebrew (package manager, can install all kinds of fun things)
    Pathogen (runtime for VIM)
    help from friends! Tony Mattke, Teren Bryson and others.
    DropBox
    GitHub of course!

The problem I was having was how to keep my customization and scripts in sync between my work machine and my personal machine. The answer I found, well one answer that works for me, is DropBox! Though you could probably use any cloud storage provider you wanted. I created a folder in my DropBox called “sync” and I symlink the files/folders I want to keep in sync on both machines into it.

Now, when I make a change to my .vimrc, zsh custom folder, or basically anything else I have symlinked, the change gets reflected to the other machine.