How to change API authentication

We will soon roll out a new jwt based authentication and need our API customers to do some minor changes. The authentication method will change, the API calls will stay the same with one breaking change:

Two breaking changes in API:

The authentication is changed from digest to jwt. In the login API "username/password" is changed to "email/password".

Here is how to change to the new jwt authentication

We will give you an alternative port on which you can access qbee.io and the API. Please do the following:

  • go to https://www.app.qbee.io:9443/ and reset your user password. Now you have your user on the regular qbee with old password and one on port "9443" with the new password.
  • Please create a new API user
  • you can turn on the 2 factor authentication, but your API user should not use 2FA (see below how to override this) qbee-api-user
  • now you can use the new jwt API authentication towards the "9443" port (https://www.app.qbee.io:9443/ )
  • when we have moved the full platform to jwt and 2FA we will give you time to change your API calls to go back to the standard port (then you only need to remove the 9443).

Below we will give some example cURL queries to get you started quickly. Please note that you need to have jq installed:

Install jq

apt-get install jq

The following example script shows how to authenticate and get the grouptree information. Username and password are provided as system variables $QBEE_USER and $QBEE_PW.

grouptree_no_files.sh

    successful_status_code='200'
    auth='false'
    i=0
    token=""

    while [[ "$auth" != "true" && $i -lt 10 ]]
    do
        echo "try number $((i++))"
        output=$(curl --request POST -sL --url 'https://www.app.qbee.io:9443/api/v2/login' \
            --header "Content-Type: application/json" \
            -d "{\"email\":\"$QBEE_USER\",\"password\":\"$QBEE_PW\"}"\
            -w "\n{\"http_code\":%{http_code}}\n")

        http_code=$(echo $output | jq -cs | jq -r '.[1].http_code')
        echo $http_code
        tokenValue=$(echo $output | jq -cs | jq -r '.[0].token')
        echo $tokenValue

        if [ "$http_code" != "$successful_status_code" ]

        then
            echo $tokenValue
        #uncomment next line to do nothing
        #: 
        else
            auth='true'

            apiOutput=$(curl --request GET -sL \
               --url 'https://www.app.qbee.io:9443/api/v2/grouptree?_format=json'\
               --header 'Authorization: Bearer '"$tokenValue")

            echo "API output is:\n$apiOutput"

            #uncomment to following to write to a file instead:
            # curl --request GET -sL \
            #    --url 'https://www.app.qbee.io:9443/api/v2/grouptree?_format=json'\
            #    --output './grouptree_result.json' \
            #    --header 'Authorization: Bearer '"$tokenValue" \

            # echo "$(cat grouptree_result.json)"

        fi

    done

Based on the above authentication a file delete and file upload would look like this:

delete_and_upload_file.sh

    successful_status_code='200'
    auth='false'
    i=0
    token=""

    while [[ "$auth" != "true" && $i -lt 10 ]]
    do
        echo "try number $((i++))"
        output=$(curl --request POST -sL --url 'https://www.app.qbee.io:9443/api/v2/login' \
            --header "Content-Type: application/json" \
            -d "{\"email\":\"$QBEE_USER\",\"password\":\"$QBEE_PW\"}"\
            -w "\n{\"http_code\":%{http_code}}\n")

        http_code=$(echo $output | jq -cs | jq -r '.[1].http_code')
        echo $http_code
        tokenValue=$(echo $output | jq -cs | jq -r '.[0].token')
        echo $tokenValue

        if [ "$http_code" != "$successful_status_code" ]

        then
            echo $tokenValue
        #uncomment next line to do nothing
        #: 
        else
            auth='true'

            apiOutput=$(curl -i --request "DELETE" -d "path=/my-folder/my-file.txt" -H "Content-type: application/x-www-form-urlencoded" \
               --url 'https://www.app.qbee.io:9443/api/v2/file'\
               --header 'Authorization: Bearer '"$tokenValue")
            echo "API output is:\n$apiOutput"

            apiOutput=$(curl -i --request POST -H "Content-Type:multipart/form-data" -F "path=/my-folder/" -F "file=@my-file.txt" \
               --url 'https://www.app.qbee.io:9443/api/v2/file'\
               --header 'Authorization: Bearer '"$tokenValue")
            echo "API output is:\n$apiOutput"

        fi

    done

In some of our demos we use github runner actions do distribute Node-Red files. Below you see how such a github runner action would look like assuming your Github secret for user is "QM" and for password is "QP":

main.yml

    name: Automated Node-Red flow file distribution

    on:
     push:
        branches: [ main ]
     pull_request:
        branches: [ main ]

    jobs:  


     build:
        runs-on: ubuntu-latest
        env:
            TARNAME: node-red-files.tar   

        steps:
        - uses: actions/checkout@v2

        - name: create tarball
          run: |
            mkdir ./tar
            tar --exclude='./.git' --exclude='README.md' --exclude='./.github' --exclude='./tar' -czvf ./tar/$TARNAME .

        - name: install jq
          run: |
            sudo apt-get install jq

        - name: copy to qbee file manager with jwt authentication
          run: |
            successful_status_code='200'
            auth='false'
            i=0
            token=""

            while [[ "$auth" != "true" && $i -lt 10 ]]
            do
                echo "try number $((i++))"
                output=$(curl --request POST -sL --url 'https://www.app.qbee.io:9443/api/v2/login' \
              --header "Content-Type: application/json" \
              -d "{\"email\":\"${{ secrets.QM }}\",\"password\":\"${{ secrets.QP }}\"}"\
              -w "\n{\"http_code\":%{http_code}}\n")

                http_code=$(echo $output | jq -cs | jq -r '.[1].http_code')
                echo $http_code
                tokenValue=$(echo $output | jq -cs | jq -r '.[0].token')
                echo $tokenValue

                if [ "$http_code" != "$successful_status_code" ]

                then
                    echo $tokenValue
                #uncomment next line to do nothing
                #: 
                else
                    auth='true'

                    apiOutput=$(curl -i --request "DELETE" -d "path=/node-red-demo/$TARNAME" -H "Content-type: application/x-www-form-urlencoded" \
                       --url 'https://www.app.qbee.io:9443/api/v2/file'\
                       --header 'Authorization: Bearer '"$tokenValue")
                    echo "API output is:\n$apiOutput"

                    apiOutput=$(curl -i --request POST -H "Content-Type:multipart/form-data" -F "path=/node-red-demo/" -F "file=@./tar/$TARNAME" \
                       --url 'https://www.app.qbee.io:9443/api/v2/file'\
                       --header 'Authorization: Bearer '"$tokenValue")
                    echo "API output is:\n$apiOutput"


                fi
            done

Please let us know if you have any questions.