|
|
(58 intermediate revisions by 2 users not shown) |
Line 5: |
Line 5: |
| * How to use a BigID token to receive data from BigID | | * How to use a BigID token to receive data from BigID |
| {{Box/end}} | | {{Box/end}} |
| | |
| | |
| | {{Scenario|As part of your data governance tasks, you need to get a list of data sources so you can be sure that your external data catalog has the right information. You've thought about doing this through the user interface, but you expect that you'll review this list around every three months. With that in mind, the BigID API seems like the best option. '''Discover and test the API calls you'll need to perform this task.'''}} |
| | |
| | The BigID API allows you to perform all the actions you're used to performing via the BigID user interface programmatically. This is perfect for scenarios like the one in this exercise where you need to perform the same operation on a scheduled basis. In order to communicate with BigID over its API, we first need to authenticate ourselves. |
|
| |
|
| == Authenticating with BigID == | | == Authenticating with BigID == |
|
| |
| The BigID API allows you to perform all the actions you're used to performing via the BigID user interface programmatically. In order to communicate with BigID over its API, we first need to authenticate ourselves.
| |
|
| |
|
| There are two ways to authenticate ourselves to BigID: | | There are two ways to authenticate ourselves to BigID: |
|
| |
|
| * Username and Password - This is the easiest way to authenticate to BigID. You provide a username and password to the /sessions endpoint and BigID will return a session token that is valid for any other API endpoints (given that user has permissions to access them) for 24 hours. | | * '''User Token''' - A user token (generated from Administration -> Access Management by a System Administrator) allows you to access BigID by exchanging a user token for a session token at the /refresh endpoint. This means you don't have to store your username and password within an application, but user tokens are only valid for a maximum of 999 days. |
| * User Token - A user token (generated from Administration -> Access Management by a System Administrator) allows you to access BigID by exchanging a user token for a session token at the /refresh endpoint. This means you don't have to store your username and password within an application, but user tokens are only valid for a maximum of 999 days.
| | * '''Username and Password''' - You provide a username and password to the /sessions endpoint and BigID will return a session token that is valid for any other API endpoints (given that user has permissions to access them) for 24 hours. This is a legacy authentication method and will only work for on-prem versions of BigID. [[BigID_API/User_Authentication|Details on this mechanism are here]] |
| | |
| In this tutorial, we're going to authenticate with BigID using Username/Password auth and retrieve a list of data sources.
| |
|
| |
|
| Below you'll see the POST request we'll use to authenticate. The body of the request contains our username and password and we're directing the request to the sessions endpoint in our BigID Sandbox system. Press {{Key|Send}} to get a session token.
| | == Token Authentication == |
| | {{:BigID_API/Token_Authentication}} |
|
| |
|
| <html>
| |
| <iframe style="border:0px; width:100%; height:300px; border-radius:10px;" src="https://apibrowser.mybigid.com/?url=sessions&method=POST&body=%7B%22username%22%3A%22bigid%22%2C%22password%22%3A%22bigid111%22%7D&selectedSetting=body"></iframe>
| |
| </html>
| |
|
| |
|
| <syntaxhighlight lang="JSON">
| | [[Category:Tutorial]][[Category:API]] |
| {
| |
| "success": true,
| |
| "message": "Enjoy your token!",
| |
| "auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJiaWdpZCIsInR5cGUiOiJhY2Nlc3MtdG9rZW4iLCJyb2xlSWRzIjpbIjVkOTNlODYwNWJjODhlMDAxYWY4MjhjMyJdLCJpc0FkbWluIjp0cnVlLCJpYXQiOjE2MzQxNjUwMDYsImV4cCI6MTYzNDI1MTQwNn0.Eqf7oJ0hjgDa4Yl48Hxp-2MVdsWKAZhFJIDXk5NPlu8",
| |
| "username": "bigid",
| |
| "firstName": "BigID Admin",
| |
| "permissions": [
| |
| "admin",
| |
| "permission.tasks.edit",
| |
| "permission.tasks.read_task_list",
| |
| "permission.dashboard.access",
| |
| "permission.inventory.access",
| |
| "permission.inventory.read",
| |
| "permission.inventory.export_objects",
| |
| "permission.inventory.export_attributes",
| |
| "permission.inventory.investigate_attributes",
| |
| "permission.inventory.export_entities",
| |
| "permission.inventory.read_entities",
| |
| "permission.correlation.access",
| |
| "permission.correlation.read",
| |
| "permission.correlation.manage",
| |
| "permission.clusterAnalysis.access",
| |
| "permission.clusterAnalysis.read",
| |
| "permission.clusterAnalysis.edit",
| |
| "permission.clusterAnalysis.export_objects",
| |
| "permission.aciAnalysis.read",
| |
| "permission.classification.access",
| |
| "permission.classification.read",
| |
| "permission.catalog.access",
| |
| "permission.catalog.read",
| |
| "permission.catalog.export",
| |
| "permission.catalog.investigate",
| |
| "permission.catalog.manual_fields.edit",
| |
| "permission.catalog.manual_fields.read",
| |
| "permission.catalog.business_attributes.edit",
| |
| "permission.catalog.business_attributes.read",
| |
| "permission.catalog.business_attributes.auto_populate",
| |
| "permission.catalog.decrypt",
| |
| "permission.catalog.manage_preview_file",
| |
| "permission.catalog.tags.assign",
| |
| "permission.policies.access",
| |
| "permission.policies.read",
| |
| "permission.policies.edit",
| |
| "permission.policies.delete",
| |
| "permission.policies.create",
| |
| "permission.policies.test",
| |
| "permission.scanResultsDetails.access",
| |
| "permission.scanResultsDetails.read",
| |
| "permission.scanResultsDetails.export",
| |
| "permission.scanResultsDetails.edit",
| |
| "permission.scanResultsDetails.edit_confidence_threshold",
| |
| "permission.scanResultsDetails.edit_confidence_level",
| |
| "permission.reports.access",
| |
| "permission.reports.read_activity_highlights",
| |
| "permission.reports.read_scan_result_summary",
| |
| "permission.reports.export_scan_files",
| |
| "permission.reports.export_data_custodian",
| |
| "permission.reports.export_files_attribute_distribution",
| |
| "permission.reports.export_failed_object",
| |
| "permission.reports.export_labeling_propagation",
| |
| "permission.reports.export_usage",
| |
| "permission.dataSources.access",
| |
| "permission.dataSources.read",
| |
| "permission.dataSources.edit",
| |
| "permission.dataSources.create",
| |
| "permission.dataSources.delete",
| |
| "permission.dataSources.export",
| |
| "permission.dataSources.import",
| |
| "permission.dataSources.test",
| |
| "permission.dataSources.delete_findings",
| |
| "permission.correlationSets.access",
| |
| "permission.correlationSets.read",
| |
| "permission.correlationSets.edit",
| |
| "permission.correlationSets.delete",
| |
| "permission.correlationSets.create",
| |
| "permission.correlationSets.export",
| |
| "permission.correlationSets.import",
| |
| "permission.correlationSets.test",
| |
| "permission.secondarySources.access",
| |
| "permission.secondarySources.read",
| |
| "permission.secondarySources.edit",
| |
| "permission.secondarySources.delete",
| |
| "permission.secondarySources.create",
| |
| "permission.secondarySources.run",
| |
| "permission.applicationSetup.access",
| |
| "permission.applicationSetup.read",
| |
| "permission.applicationSetup.edit",
| |
| "permission.applicationSetup.create",
| |
| "permission.applicationSetup.delete",
| |
| "permission.classifiers.access",
| |
| "permission.classifiers.read",
| |
| "permission.classifiers.edit",
| |
| "permission.classifiers.create",
| |
| "permission.classifiers.export",
| |
| "permission.classifiers.import",
| |
| "permission.classifiers.delete",
| |
| "permission.credentials.access",
| |
| "permission.credentials.read",
| |
| "permission.credentials.edit",
| |
| "permission.credentials.create",
| |
| "permission.credentials.test",
| |
| "permission.credentials.delete",
| |
| "permission.certificates.access",
| |
| "permission.certificates.read",
| |
| "permission.certificates.edit",
| |
| "permission.certificates.create",
| |
| "permission.certificates.delete",
| |
| "permission.tagsSavedQueries.access",
| |
| "permission.tagsSavedQueries.read",
| |
| "permission.tagsSavedQueries.edit",
| |
| "permission.tagsSavedQueries.create",
| |
| "permission.tagsSavedQueries.delete",
| |
| "permission.tags.access",
| |
| "permission.tags.read",
| |
| "permission.tags.edit",
| |
| "permission.tags.create",
| |
| "permission.tags.delete",
| |
| "permission.scanWindows.access",
| |
| "permission.scanWindows.read",
| |
| "permission.scanWindows.edit",
| |
| "permission.scanWindows.create",
| |
| "permission.scanWindows.delete",
| |
| "permission.accessManagement.access",
| |
| "permission.accessManagement.read",
| |
| "permission.accessManagement.manage",
| |
| "permission.accessManagement.read_on_behalf",
| |
| "permission.accessManagement.idp.read",
| |
| "permission.accessManagement.idp.manage",
| |
| "permission.actionCenter.access",
| |
| "permission.actionCenter.actions.access",
| |
| "permission.actionCenter.actions.read",
| |
| "permission.actionCenter.actions.create",
| |
| "permission.actionCenter.actions.delete",
| |
| "permission.actionCenter.actions.edit",
| |
| "permission.actionCenter.audit.access",
| |
| "permission.actionCenter.audit.read",
| |
| "permission.audit.access",
| |
| "permission.audit.read",
| |
| "permission.audit.export",
| |
| "permission.generalSettings.access",
| |
| "permission.generalSettings.business_glossary.read",
| |
| "permission.generalSettings.business_glossary.edit",
| |
| "permission.generalSettings.business_glossary.create",
| |
| "permission.generalSettings.business_glossary.export",
| |
| "permission.generalSettings.business_glossary.import",
| |
| "permission.generalSettings.business_glossary.delete",
| |
| "permission.generalSettings.email_setup.read",
| |
| "permission.generalSettings.email_setup.manage",
| |
| "permission.generalSettings.ignored_lists.read",
| |
| "permission.generalSettings.ignored_lists.edit",
| |
| "permission.generalSettings.ignored_lists.create",
| |
| "permission.generalSettings.ignored_lists.delete",
| |
| "permission.generalSettings.license.read",
| |
| "permission.generalSettings.license.edit",
| |
| "permission.scans.access",
| |
| "permission.scans.scan_profiles.read",
| |
| "permission.scans.scan_profiles.edit",
| |
| "permission.scans.scan_profiles.create",
| |
| "permission.scans.scan_profiles.delete",
| |
| "permission.scans.scan_profiles.run",
| |
| "permission.scans.scan_activity.read",
| |
| "permission.scans.scan_activity.edit",
| |
| "permission.advancedTools.access",
| |
| "permission.advancedTools.edit_clear_entities_cache",
| |
| "permission.advancedTools.delete_delete_pii_data",
| |
| "permission.advancedTools.delete_delete_findings",
| |
| "permission.advancedTools.edit_services_logs",
| |
| "permission.advancedTools.system_health.read",
| |
| "permission.advancedTools.system_health.manage",
| |
| "permission.advancedTools.system_health.run",
| |
| "permission.advancedTools.services_configuration.edit",
| |
| "permission.advancedTools.services_configuration.read",
| |
| "permission.advancedTools.delete_delete_clusters_results",
| |
| "permission.advancedTools.export_download_docvecs_result",
| |
| "permission.advancedTools.export_scan_result",
| |
| "permission.advancedTools.export_stream_collections",
| |
| "permission.dataRightsFulfillment.access",
| |
| "permission.dataRightsFulfillment.request.read",
| |
| "permission.dataRightsFulfillment.request.export",
| |
| "permission.dataRightsFulfillment.request.submit",
| |
| "permission.dataRightsFulfillment.request.stop",
| |
| "permission.dataRightsFulfillment.request.delete",
| |
| "permission.dataRightsFulfillment.request.manage",
| |
| "permission.dataRightsFulfillment.deletion_validation.read",
| |
| "permission.dataRightsFulfillment.deletion_validation.manage",
| |
| "permission.dataRightsFulfillment.deletion_validation.stop",
| |
| "permission.dataRightsFulfillment.audit.read",
| |
| "permission.dataRightsFulfillment.audit.export",
| |
| "permission.dataRightsFulfillment.profile_settings.read",
| |
| "permission.dataRightsFulfillment.profile_settings.edit",
| |
| "permission.dataRightsFulfillment.profile_settings.create",
| |
| "permission.dataRightsFulfillment.profile_settings.delete",
| |
| "permission.dataRightsFulfillment.profile_settings.export",
| |
| "permission.dataRightsFulfillment.profile_settings.import",
| |
| "permission.dataRightsFulfillment.privacy_portal_settings.manage",
| |
| "permission.dataRightsFulfillment.personal_information.read",
| |
| "permission.dataRightsFulfillment.personal_information.edit",
| |
| "permission.dataRightsFulfillment.personal_information.run",
| |
| "permission.dataRightsFulfillment.request.access",
| |
| "permission.dataRightsFulfillment.attributes_enrichment_settings.read",
| |
| "permission.dataRightsFulfillment.attributes_enrichment_settings.edit",
| |
| "permission.dataRightsFulfillment.report_templates.read",
| |
| "permission.dataRightsFulfillment.report_templates.edit",
| |
| "permission.consentGovernance.access",
| |
| "permission.consentGovernance.consent_sources.read",
| |
| "permission.consentGovernance.consent_sources.edit",
| |
| "permission.consentGovernance.consent_sources.create",
| |
| "permission.consentGovernance.consent_sources.test",
| |
| "permission.consentGovernance.consent_sources.delete",
| |
| "permission.consentGovernance.reports.read",
| |
| "permission.consentGovernance.reports.export",
| |
| "permission.consentGovernance.agreements.read",
| |
| "permission.consentGovernance.agreements.edit",
| |
| "permission.consentGovernance.agreements.create",
| |
| "permission.consentGovernance.agreements.delete",
| |
| "permission.dataProcessingAndSharing.access",
| |
| "permission.dataProcessingAndSharing.read",
| |
| "permission.dataProcessingAndSharing.manage",
| |
| "permission.applications.cyberark.read",
| |
| "permission.applications.cyberark.edit",
| |
| "permission.applications.cyberark.test",
| |
| "permission.applications.cyberark.create",
| |
| "permission.applications.cyberark.delete",
| |
| "permission.applications.hashicorp.read",
| |
| "permission.applications.hashicorp.edit",
| |
| "permission.applications.hashicorp.test",
| |
| "permission.applications.hashicorp.create",
| |
| "permission.applications.hashicorp.delete",
| |
| "permission.applications.file_labeling.read",
| |
| "permission.applications.file_labeling.import",
| |
| "permission.applications.file_labeling.manage",
| |
| "permission.applications.file_labeling.delete",
| |
| "permission.applications.risk.read",
| |
| "permission.applications.risk.manage",
| |
| "permission.applications.breach_response.read",
| |
| "permission.applications.breach_response.edit",
| |
| "permission.applications.breach_response.create",
| |
| "permission.applications.breach_response.explore",
| |
| "permission.applications.breach_response.delete",
| |
| "permission.applications.access_intelligence.read",
| |
| "permission.applications.manage_custom_apps",
| |
| "permission.applications.read_custom_apps",
| |
| "permission.applications.create_delete_custom_apps",
| |
| "permission.dataDeletion.access",
| |
| "permission.dataDeletion.read",
| |
| "permission.dataDeletion.export",
| |
| "permission.dataDeletion.run",
| |
| "permission.dataDeletion.manage",
| |
| "permission.dataDeletion.delete",
| |
| "permission.dataDeletion.manage_settings",
| |
| "permission.internal.manage",
| |
| "permission.scanner.manage",
| |
| "permission.customDashboard.access",
| |
| "permission.customDashboard.read_customDashboard",
| |
| "permission.customDashboard.manage_customDashboard"
| |
| ],
| |
| "email": "",
| |
| "isPasswordChangeNeeded": false
| |
| }</syntaxhighlight>
| |
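Review bot: The added '''User Token''' bullet says you "don't have to store your username and password within an application" but never says that the user token itself then has to be stored, and that whoever holds it can exchange it for a session token at /refresh for up to 999 days. Suggest adding a sentence that the user token is a credential to be kept in a secret store rather than in source or configuration files, and rewording "but user tokens are only valid for a maximum of 999 days" so that the lifetime does not read as a drawback. On the removed side, the /sessions walkthrough carried the username and password in the iframe src query string and printed a complete auth_token for an account whose permissions list begins with "admin". Taking it off the page is right, but earlier revisions stay readable in the page history, so confirm that the account exists only on the Sandbox system the removed text names.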