Authentication for HW/SW inventory web api

eric1 · February 22, 2024, 12:48pm

Hello,

my goal is to get host inventory data with HTTP API (cmk version 2.1).

I can successfully use the REST API with an authorization header as described in the docs:

curl --header “Authorization: Bearer automationuser password” “https://myserver/mysite/check_mk/api/1.0/objects/host_config/myhost”

But this doesn’t work with the HW/SW inventory API. I get no output:

curl --header “Authorization: Bearer automationuser password” “https://myserver/mysite/check_mk/host_inv_api.py?host=myhost&output_format=json”

I can access the HW/SW inventory API by adding _username and _secret parameters to the URL but this is not recommended because it’s logged by Apache.
How can I access the HW/SW inventory API using an authorization header?

In the REST API documentation I read about the column “host_mk_inventory” of hosts table. How does an URL have to look like to query that data?

Thanks in advance for your support.

joerg.mohar · February 22, 2024, 1:31pm

Hello Eric1. Please check here how to call data from Inventory API:
Implemented API for exporting the full host inventory…

You can also Query for specific data from this API using for example: http://mmwcheckmk/cmk_test/check_mk/host_inv_api.py?host=linux-for-alex&request={“paths”:[“software.packages.”]}&output_format=json

Not sure if it is planned to add Inventory Data to the RestAPI…but there is a feature request to upvote available: https://ideas.checkmk.com/suggestions/319204/add-hwsw-inventory-data-to-the-rest-api

eric1 · February 22, 2024, 3:51pm

Unfortunately the “Werk #3585” doesn’t mention user authentication. Does authorization with http header work with this api?

Anders · February 24, 2024, 10:43am

You don’t have to use GET for this, you can add the username/secret to a POST entry instead, that way it won’t show in the access logs…

eric1 · February 26, 2024, 10:40am

Thanks for that hint. I’m using a POST request now.

My working POST request using python requests:

r = requests.post(‘https://myserver/mysite/check_mk/host_inv_api.py’, headers = {‘Accept’: ‘application/json’}, data = {‘_username’: ‘abc’, ‘_secret’: passwd, ‘request’: ‘{“hosts”:[’ + hostlist + ‘]}’, ‘output_format’: ‘json’})

system · February 25, 2025, 10:40am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.