Authentication HTTP API Endpoint

Authentication HTTP API Endpoint

You can make external calls to HTTP API endpoints in your DC/OS cluster.

You must first obtain an HTTP API token and then include it in your HTTP request.

HTTP API tokens expire after 5 days. You can view the expiration time in the “exp” (Expiration Time) Claim of the JSON Web Token (JWT). You can refresh your token by re-logging in to DC/OS.

Generate the HTTP API token

You can obtain your HTTP API token using DC/OS CLI. When you log into the DC/OS CLI, you paste an authentication token into your terminal prompt. This authentication token logs you into DC/OS CLI but does not authenticate you to the HTTP API endpoints. Complete the following steps to obtain your HTTP API token.

Log in to the DC/OS CLI.

Logging into the DC/OS CLI causes your HTTP API token to be written to a configuration file. Type the following command to confirm that this write succeeded and view your HTTP API token.

dcos config show core.dcos_acs_token

Passing your HTTP API token to DC/OS endpoints

DC/OS endpoints expect to find your HTTP API token in the Authorization field of your HTTP header as follows.

Authorization: token=<your-http-token>

When using cURL, you can use the following bash $(dcos config show core.dcos_acs_token) to extract the token value from your configuration file.

The following full command shows how to authenticate to the Marathon API using cURL.

curl --header "Authorization: token=$(dcos config show core.dcos_acs_token)" http://<master-host-name>/service/marathon/v2/apps

The following full command shows how to authenticate to the Mesos API using cURL.

curl --header "Authorization: token=$(dcos config show core.dcos_acs_token)" http://<master-host-name>/mesos/master/state.json