6 Accessing NF Resources through Curl or Postman

This section describes how CNC Console access NF resources through curl or postman:

CNC Console IAM provides a REST API for generating and refreshing access tokens. The API is used to get access token.

1. Acquire an access token from CNC Console IAM by sending a POST request to the following URL:

   http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/${realm}/protocol/openid-connect/token

   Example:

   http://10.75.182.79:8080/cncc/auth/realms/cncc/protocol/openid-connect/token

2. The body of the request must be x-www-form-url encoded as given:

   'client_id': 'your_client_id',
   'username': 'your_username',
   'password': 'your_password',
   'grant_type': 'password'
    
   Example:
   'client_id': 'cncc',
   'username': 'admin',
   'password': 'admin',
   'grant_type': 'password'

3. The Curl Command must be given. The Curl Command is as follows:

    curl --location --request POST 'http://10.75.182.79:8080/cncc/auth/realms/cncc/protocol/openid-connect/token' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --data-urlencode 'grant_type=password' \
   --data-urlencode 'username=shreb' \
   --data-urlencode 'password=Shreb123!' \
   --data-urlencode 'client_id=cncc'
     

4. As the response user gets an access_token and a refresh_token. The response is as follows:

   {
       "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJHS1N4WVhoWlExRVhrOVE5RTR3STN4WG9LcHI2RW5yOFJCdGlMVndPV0JZIn0.eyJqdGkiOiIwMTQzYzNhZC1kNjE3LTQyNTYtYTA2My01NGYxNGI5MDQ5MWMiLCJleHAiOjE1ODQ3MDAyMzUsIm5iZiI6MCwiaWF0IjoxNTg0Njk5OTM1LCJpc3MiOiJodHRwOi8vMTAuNzUuMjEzLjYwOjMwMDI0L2NuY2MvYXV0aC9yZWFsbXMvY25jYyIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIwMTJlNDI2OS02YzYwLTQzNWItYWExNC0yYWI3NmJjOWI1MjMiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhcGktZ2F0ZXdheSIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjZjNDJkOTc4LTE0YWMtNDc5My1hMWUzLTc4OWNmYmRiMmI3NCIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiUENGX1JFQUQiLCJQQ0ZfV1JJVEUiLCJTQ1BfUkVBRCIsIm9mZmxpbmVfYWNjZXNzIiwiTlJGX1dSSVRFIiwiQURNSU4iLCJ1bWFfYXV0aG9yaXphdGlvbiIsIk5SRl9SRUFEIiwiU0NQX1dSSVRFIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiU2hyZXlhcyBCIiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2hyZWIiLCJnaXZlbl9uYW1lIjoiU2hyZXlhcyIsImZhbWlseV9uYW1lIjoiQiIsImVtYWlsIjoic2hyZXlhcy5iQG9yYWNsZS5jb20ifQ.fXYyjmAbSSIFlLr2ZBEX2pfKrE_vr6Zbj8ta-l_tKlv2gTX1J3ehScg_m30swpWU7UojuFkyc8CfNZL2Z9mcs7zbq_zA7ZTlaWA_AgmeoXWapicX2wALT_YDU6Z3H7L9x1C1Ulp8aTBIBHPv2J-zgkrFDtk83NeKunKEGlEZpp-9MGDLQ5a8QX6SAUo-Fe6hNgF1vP0d7LCyjWvu6UvoeG_Fuxsi4xEVHcbSen8M3eueAt7xN7akhXZ_4PgWnxsWvQVqtTzsY6O-WyUjUiwtaTvpX0dPVVeeNDvWMY_0q0KvF_nnE3_wQtE8bu_LcCZYwDQJJTloj2PJ8y1WjO9l2Q",
       "expires_in": 300,
       "refresh_expires_in": 1800,
       "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3YTFlYjcyZi00MWE1LTRkMTEtYjRmZS01NDZjZGU5NjY2MTUifQ.eyJqdGkiOiJmYjAwZTY2OC0xZTkyLTRlMTUtYTVlMS1jZjgxNDFkMjllNDMiLCJleHAiOjE1ODQ3MDE3MzUsIm5iZiI6MCwiaWF0IjoxNTg0Njk5OTM1LCJpc3MiOiJodHRwOi8vMTAuNzUuMjEzLjYwOjMwMDI0L2NuY2MvYXV0aC9yZWFsbXMvY25jYyIsImF1ZCI6Imh0dHA6Ly8xMC43NS4yMTMuNjA6MzAwMjQvY25jYy9hdXRoL3JlYWxtcy9jbmNjIiwic3ViIjoiMDEyZTQyNjktNmM2MC00MzViLWFhMTQtMmFiNzZiYzliNTIzIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImFwaS1nYXRld2F5IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNmM0MmQ5NzgtMTRhYy00NzkzLWExZTMtNzg5Y2ZiZGIyYjc0IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlBDRl9SRUFEIiwiUENGX1dSSVRFIiwiU0NQX1JFQUQiLCJvZmZsaW5lX2FjY2VzcyIsIk5SRl9XUklURSIsIkFETUlOIiwidW1hX2F1dGhvcml6YXRpb24iLCJOUkZfUkVBRCIsIlNDUF9XUklURSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.l8w3j1gMNgblKSYdvCmJQfg6yIfkdKnmFb5vKPF-ZIg",
       "token_type": "bearer",
       "not-before-policy": 0,
       "session_state": "6c42d978-14ac-4793-a1e3-789cfbdb2b74",
       "scope": "email profile"
   }

5. The access token must be used in every request to a NF resource by placing it in the Authorization header. The Authorization header is given below:

   GET : http://${cncc-core-ingress-external-ip}:${cncc-core-ingress-service-port}/soothsayer/v1/canaryrelease
    headers: {
       'Authorization': 'Bearer' + access_token
   }

6. Once the access_token has expired, it can be refreshed by sending a POST request to the same URL as above, but must have the refresh token instead of username and password. The format is given below:

   
   'client_id': 'your_client_id',
   'refresh_token': refresh_token_from_previous_request,
   'grant_type': 'refresh_token'
    
   Example:
   'client_id': 'cncc',
   'refresh_token': 'eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3YTFlYjcyZi00MWE1LTRkMTEtYjRmZS01NDZjZGU5NjY2MTUifQ.eyJqdGkiOiJmYjAwZTY2OC0xZTkyLTRlMTUtYTVlMS1jZjgxNDFkMjllNDMiLCJleHAiOjE1ODQ3MDE3MzUsIm5iZiI6MCwiaWF0IjoxNTg0Njk5OTM1LCJpc3MiOiJodHRwOi8vMTAuNzUuMjEzLjYwOjMwMDI0L2NuY2MvYXV0aC9yZWFsbXMvY25jYyIsImF1ZCI6Imh0dHA6Ly8xMC43NS4yMTMuNjA6MzAwMjQvY25jYy9hdXRoL3JlYWxtcy9jbmNjIiwic3ViIjoiMDEyZTQyNjktNmM2MC00MzViLWFhMTQtMmFiNzZiYzliNTIzIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImFwaS1nYXRld2F5IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNmM0MmQ5NzgtMTRhYy00NzkzLWExZTMtNzg5Y2ZiZGIyYjc0IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlBDRl9SRUFEIiwiUENGX1dSSVRFIiwiU0NQX1JFQUQiLCJvZmZsaW5lX2FjY2VzcyIsIk5SRl9XUklURSIsIkFETUlOIiwidW1hX2F1dGhvcml6YXRpb24iLCJOUkZfUkVBRCIsIlNDUF9XUklURSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.l8w3j1gMNgblKSYdvCmJQfg6yIfkdKnmFb5vKPF-ZIg',
   'grant_type': 'refresh_token'
   

7. In response user gets new access_token and refresh_token.