blackducksoftware / hub-client-go

Hub Client for Go (golang)
Apache License 2.0

Use API token to access API #30

Closed elgohr closed 1 year ago

elgohr commented 5 years ago

I'm just wondering how to use the API token (https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/109477972/How+to+Generate+an+API+Token+in+Black+Duck) for accessing the API. I'm not finding it in any implementation or documentation - just in the scanner.

tandr commented 5 years ago

hubclient.NewWithApiToken and hubclient.NewWithApiTokenAndClient are accepting API tokens.

hubclient also has client.CreateApiToken, client.DeleteApiToken and client.ListApiTokens to create, delete and enumerate them.

HTH

elgohr commented 5 years ago

This issue is about the API, not the CLI or SDK.

Th3Lourde commented 1 year ago

@elgohr I'm assuming that you already have a token. If you don't, please indicate this and we can talk about that :)

When using the token for a REST client, add the following header: Authorization: Bearer

When using the token for the go-client, you can pass the token to one of the two constructors that @tandr mentioned above.

It's also worth mentioning that the token listed in the URL you linked is actually used to create bearer tokens. The token type that you linked does not expire, and is not a bearer token.

If you want to create a bearer token from the API token, you make a request to: <your-blackduck-url>/api/tokens/authenticate, as per the documentation listed here

elgohr commented 1 year ago

Thank you @Th3Lourde

Authentication

Black Duck enables you to generate one or more tokens for accessing Black Duck APIs. With access tokens, if a security breach occurs, the user’s credentials (which might be their SSO or LDAP credentials) are not directly compromised. To access Black Duck API, you must authenticate by doing the following steps:

  1. Generate an API token in Black Duck by going to the Black Duck UI, and from the user menu located on the top navigation bar, select My Access Tokens to open the My Access Tokens page where you generate your API token.
  2. Pass the API token in an HTTP POST to /api/tokens/authenticate to generate a Bearer token, which you use for authorization.
  3. Pass the bearer token in the authorization header of your API requests to get data from your Black Duck instance.

This was exactly the documentation that I was looking for
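
Steps 2 and 3 of the documentation quoted above, as an added Go example that is not part of this thread or of hub-client-go. The `token` authorization scheme on the authenticate call, the `bearerToken` response field and the `/api/projects` path are assumptions not stated on this page; `fakeHub` and its credentials are constructed so the flow runs offline.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// call sends one request with authz as its Authorization header and decodes a 200 JSON body into out.
func call(c *http.Client, method, url, authz string, out any) (int, error) {
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set("Authorization", authz)
	resp, err := c.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if out != nil && resp.StatusCode == http.StatusOK {
		err = json.NewDecoder(resp.Body).Decode(out)
	}
	return resp.StatusCode, err
}

// fetch runs steps 2 and 3. Assumed, not from the page: "token" scheme, "bearerToken" field.
func fetch(c *http.Client, base, apiToken, path string) (int, error) {
	var auth struct{ BearerToken string `json:"bearerToken"` }
	code, err := call(c, http.MethodPost, base+"/api/tokens/authenticate", "token "+apiToken, &auth)
	if err != nil || code != http.StatusOK || auth.BearerToken == "" {
		return code, fmt.Errorf("authenticate failed: status %d, err %v", code, err)
	}
	return call(c, http.MethodGet, base+path, "Bearer "+auth.BearerToken, nil)
}

// fakeHub is a constructed offline stand-in for a Black Duck instance.
var fakeHub = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	switch r.Method + " " + r.URL.Path + " " + r.Header.Get("Authorization") {
	case "POST /api/tokens/authenticate token constructed-api-token":
		fmt.Fprint(w, `{"bearerToken":"constructed-bearer"}`)
	case "GET /api/projects Bearer constructed-bearer": // authorized: 200 with empty body
	default:
		w.WriteHeader(http.StatusUnauthorized)
	}
})

func main() {
	fmt.Println(fetch(http.DefaultClient, httptest.NewServer(fakeHub).URL, "constructed-api-token", "/api/projects"))
}
```

Against a real instance, pass an `http.Client` with a timeout and load the API token from the environment or a secret store rather than from source code.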