LogicMonitor Staff Kurt Huffman Posted May 25, 2018 LogicMonitor Staff Share Posted May 25, 2018 (edited) Introduction Postman is widely used for interacting with various REST APIs such as LogicMonitor's. However, there is no out-of-the-box support for the LMv1 authentication method which we recommend as a best practice. This document describes how to configure Postman to use LMv1 authentication when interacting with our REST API. Overview Postman's pre-request script functionality provides the ability to generate the necessary Authorization header for LMv1 authentication. As the name suggests, the pre-request script runs immediately before the request is made to the API endpoint. We set the pre-request script at the collection level in Postman so that it will run automatically for every request that is part of the collection. The script requires three input parameters: a LogicMonitor API token (or ID), its associated key, and the full request URL. These parameters are made available to the script by creating a Postman environment and setting the values as environment variables. If you need to access multiple LogicMonitor accounts (portals), create a separate environment for each to store the applicable API and URL information. Since all API requests to a given account use the same base URL (https://<account>.logicmonitor.com/santaba/rest) it is convenient to store this as an environment variable. The output of the script is the value of the Authorization header. The script writes the header value to an environment variable which is then inserted as the Authorization header value in the request. Instructions 1. Download and install Postman. 2. Launch Postman and create a new collection that will be used for all LogicMonitor API requests. 3. In the create collection dialog, select the "Pre-request Scripts" section and paste in the following code. // Get API credentials from environment variables var api_id = pm.environment.get('api_id'); var api_key = pm.environment.get('api_key'); // Get the HTTP method from the request var http_verb = request.method; // Extract the resource path from the request URL var resource_path = request.url.replace(/(^{{url}})([^\?]+)(\?.*)?/, '$2'); // Get the current time in epoch format var epoch = (new Date()).getTime(); // If the request includes a payload, included it in the request variables var request_vars = (http_verb == 'GET'||http_verb == 'DELETE') ? http_verb + epoch + resource_path : http_verb + epoch + request.data + resource_path; // Generate the signature and build the Auth header var signature = btoa(CryptoJS.HmacSHA256(request_vars,api_key).toString()); var auth = "LMv1 " + api_id + ":" + signature + ":" + epoch; // Write the Auth header to the environment variable pm.environment.set('auth', auth); 4. Create a new environment. Create the environment variables shown below. You do not need to provide a value for the "auth" variable since this will be set by the pre-request script. Be sure to use the api_id, api_key, and url values appropriate for your LogicMonitor account. 5. Create a request and add it to the collection with the pre-request script. A sample request is shown below with the necessary parameters configured. 1. Set the environment for the request, 2. Set the HTTP method for the request. 3. Use {{url}} to pull the base URL from the environment variable. Add the resource path and any request parameters your API request may require. 4. Add the Authorization header and set the value to {{auth}} to pull the the value from the environment variable. 5. POST, PUT, and PATCH requests only: if your request includes JSON data, be sure to select the Body tab and add it. 6. Press Send to send the request. The response will appear below the request in Postman. Troubleshooting You receive the response "HTTP Status 401 - Unauthorized" Confirm the following: • The proper environment has been specified for the request. • The necessary environment variables have been set and their values are correct. Note that the script relies on the specific variable names used in this document: "api_id", "api_key", "url", and "auth". • The request is a member of the collection configured with the pre-request script. Postman reports "Could not get any response" or "There was an error in evaluating the Pre-request Script: TypeError: Cannot read property 'sigBytes' of undefined" Make sure you have set the proper environment for the request and all necessary environment variables and values are present. Edited May 25, 2018 by Kurt Huffman add tag Link to comment Share on other sites More sharing options...
Mosh Posted June 8, 2018 Share Posted June 8, 2018 Very useful, thanks! Link to comment Share on other sites More sharing options...
Nicklas Karlsson Posted November 7, 2018 Share Posted November 7, 2018 Is it possible to use other rest api motors like Restlet client (add in to chrome) and perform a clean request. in Postman You have a pre-request script in your environment for every request. WHy I'm wondering is that I want to Use Power BI to collect data from LM toll gather information from different system to show an central space for all systems we have. Link to comment Share on other sites More sharing options...
LogicMonitor Staff Kurt Huffman Posted November 7, 2018 Author LogicMonitor Staff Share Posted November 7, 2018 LMv1 (token-based) authentication relies on a dynamically generated signature in the Authorization header. Current time is one of the inputs for generating the signature which is why the pre-request script must be run for each request. While we recommend using LMv1 authentication due to its greater security, basic authentication (user-password) is supported for v1 of our API and is easily implemented when dynamic generation of the Authorization header is not possible. You can find more information about authenticating with our API here: Using LogicMonitor's REST API Link to comment Share on other sites More sharing options...
Jason Miller Posted March 22, 2019 Share Posted March 22, 2019 I got this to work with a GET however I get an authorization failed when doing a post, the api user I am using is a full admin Link to comment Share on other sites More sharing options...
LogicMonitor Staff Kurt Huffman Posted March 22, 2019 Author LogicMonitor Staff Share Posted March 22, 2019 If GET works but POST does not, there may be something wrong with the request variables in the script. Make sure the code in your script generating the request variables (request_vars) matches the code in the example. You can add a line to the relevant section of the script to inspect the request variables in the Postman console: // If the request includes a payload, included it in the request variables var request_vars = (http_verb == 'GET'||http_verb == 'DELETE') ? http_verb + epoch + resource_path : http_verb + epoch + request.data + resource_path; console.log(request_vars) After saving the change to the pre-request script, open the Postman console then send the request. request_vars for a GET request is just GET+timestamp+resource_path like this: GET1553268441890/device/groups request_vars for a POST request must include the body data between the timestamp and the resource path and so should look like this: POST1553267947762{"name":"Postman"}/device/groups I hope this helps. If not, feel free to share your POST request and I'll be happy to take a look. Link to comment Share on other sites More sharing options...
Jason Miller Posted March 28, 2019 Share Posted March 28, 2019 (edited) Ok I am getting "POST1553787894612[object Object]/sdt/sdts" Here is my script: // Get API credentials from environment variables var api_id = pm.environment.get('api_id'); var api_key = pm.environment.get('api_key'); // Get the HTTP method from the request var http_verb = request.method; // Extract the resource path from the request URL var resource_path = request.url.replace(/(^{{url}})([^\?]+)(\?.*)?/, '$2'); // Get the current time in epoch format var epoch = (new Date()).getTime(); // If the request includes a payload, included it in the request variables var request_vars = (http_verb == 'GET'||http_verb == 'DELETE') ? http_verb + epoch + resource_path : http_verb + epoch + request.data + resource_path; console.log(request_vars) // Generate the signature and build the Auth header var signature = btoa(CryptoJS.HmacSHA256(request_vars,api_key).toString()); var auth = "LMv1 " + api_id + ":" + signature + ":" + epoch; // Write the Auth header to the environment variable pm.environment.set('auth', auth); Here is the post: {{url}}/sdt/sdts?type=DeviceGroupSDT&deviceGroupFullPath=Test&sdtType=1&startDateTime=1553400000000&endDateTime=1553425200000&dataSourceName=Ping Edited March 28, 2019 by Jason Miller Add Post call Link to comment Share on other sites More sharing options...
LogicMonitor Staff Kurt Huffman Posted March 28, 2019 Author LogicMonitor Staff Share Posted March 28, 2019 Thanks for sharing. Your pre-request script looks good. But "[object Object]" in the request variables suggests that there is no data in the body of your request. POST requests require some body data, most often in JSON format. Here is example data for a POST to /sdt/sdts taken from https://www.logicmonitor.com/support/rest-api-developers-guide/v1/sdts/add-sdts/: {"sdtType":1,"type":"ServiceSDT","serviceId":47,"startDateTime":1469134752000,"endDateTime":1469144995000} In Postman, it would look like this: Confirm that your request contains properly formatted JSON data in the body. If it does, and you're still getting this error, I'll be happy to take a closer look. Link to comment Share on other sites More sharing options...
Jason Miller Posted March 28, 2019 Share Posted March 28, 2019 Got it, thanks a bunch Link to comment Share on other sites More sharing options...
AAmaker Posted June 4, 2020 Share Posted June 4, 2020 I'm trying to make a simple GET request ( /device/devices ) and I've successfully created my API access id in Logic Monitor user settings, but I don't see where I can obtain the KEY. Some documentation I found online seems to indicate I have to generate the key based on a base64 of a generated hash (HMAC256), while this thread seems to indicate(?) that the KEY is assigned along with the access ID. Can you please elaborate on how one goes about obtaining the KEY to use for the POSTMAN pre request script? Link to comment Share on other sites More sharing options...
Guest Stuart Weenig Posted June 4, 2020 Share Posted June 4, 2020 Yeah, when you generated the API id, it would have actually generated the ID along with the key. If you didn't write down the key somewhere, you'll need to destroy and recreate one. The access id and key are both generated as soon as you pick the user that the pair will belong to. After you hit the save button, you will never again be able to retrieve the access key from LM, hence the copy buttons. The id is clearly visible after saving, but not they key. Link to comment Share on other sites More sharing options...
AAmaker Posted June 4, 2020 Share Posted June 4, 2020 Awesome, thanks. I completely overlooked that. Getting results now and very appreciative of your help! Link to comment Share on other sites More sharing options...
AAmaker Posted June 10, 2020 Share Posted June 10, 2020 Another question regarding the REST API. I've had much success using a TEST API ID and KEY created under my own account / email address. I can make the necessary GET requests and obtain the JSON response for all the devices that I can see within Logic Monitor. There are OTHER devices / resources that fall outside what my individual account has access to and I've had our security / infrastructure team setup a logic monitor user account that has READ ONLY access to the other devices / resources. However when I login with that account and try to create a new API ID and Access Key, I don't see the ability to create a new one (there's no PLUS icon / symbol that I used before to create the initial / test key & ID) Which leads me to the question: Is this due to the fact that API access allows POSTs to perform actions through the REST API so therefore READ ONLY will NOT be able to have access to the API endpoints? (i.e. a READ ONLY user account lacks the necessary permissions to have access to the API?) Thanks for any light someone can share on this. Hopefully there's a way for my read only account to make API calls and get data, but something tells me it's a permissions / access rights issue where READ ONLY needs to be opened up to have WRITE permissions as well. Thanks for any light someone can shed on this for us. Link to comment Share on other sites More sharing options...
Guest Stuart Weenig Posted June 11, 2020 Share Posted June 11, 2020 The role the new user belongs to must have the ability to generate API tokens enabled (last on the right). More details way down on this support page: https://www.logicmonitor.com/support/settings/users-and-roles/roles#Settings-permissions Link to comment Share on other sites More sharing options...
LogicMonitor Staff Vishwajit Posted August 14, 2020 LogicMonitor Staff Share Posted August 14, 2020 Hello All, In case of Shared Widget - Alert List. I already have an "auth" token. When I tried to access my url by adding auth param key and value, I was getting 406 - Not acceptable. Anybody knows the solution? My URL: https://localdev.logicmonitor.com/santaba/rest/setting/resourcemanager/sharedalerts?auth=LMSTv1%3AwJE377djWf%3AZTk4MWU4YjZjNzFkNTcxNzc4NGY5ZWZmZmYwMmU3MmNmMTMwY2NhMzQ2MDgyMTM4ZDRhYTEzOTUyYzI2ZmJiZA%3D%3D&ids=DS72518338,DS72518337,DS68508088,DS63881101,DS63881100,DS63881099,DS63881098&_=1597393550193 HTTP Status 406 – Not Acceptable Type Status Report Message Not Acceptable Description The target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation. Apache Tomcat/8.5.33 Link to comment Share on other sites More sharing options...
AAmaker Posted August 14, 2020 Share Posted August 14, 2020 (edited) @Vishwajit I had this issue also, what I found was that the auth key cant be sent in the URL / Querystring as a parameter, but rather it has to be sent in the request headers. Do a search for sending auth token in request headers or use a tool like this (not sure how secure it is though) to play around with adding your token to header and see your data come back. That was my hurdle a few weeks back, and now I'm past that and everything else was relatively easy to put together for my custom linux service. Good luck! Edited August 14, 2020 by Stuart Weenig Removed link to non-recommended tool. Link to comment Share on other sites More sharing options...
AAmaker Posted August 14, 2020 Share Posted August 14, 2020 ... forgot to add, in my case I'm using the REST API though -- so I'm not sure about your 'shared widget' use case. Link to comment Share on other sites More sharing options...
Guest Stuart Weenig Posted August 14, 2020 Share Posted August 14, 2020 The Auth token for a shared widget cannot be used to make API calls. They are two completely separate sets of tokens. What you need to do is setup an API token that is associated with a user. All that said, what exactly is your goal? What are you trying to do? Link to comment Share on other sites More sharing options...
Guest Stuart Weenig Posted August 14, 2020 Share Posted August 14, 2020 1 hour ago, AAmaker said: not sure how secure it is though We recommend using Postman. This post describes what to do to get it setup in Postman, which is known to be secure. Link to comment Share on other sites More sharing options...
AAmaker Posted August 14, 2020 Share Posted August 14, 2020 3 minutes ago, Stuart Weenig said: We recommend using Postman. This post describes what to do to get it setup in Postman, which is known to be secure. Absolutely, I do use it and it helped in my development efforts a few weeks back (Postman Environment vars in and making the API requests with token in header)... I'll try to delete my earlier post to avoid confusing anyone who finds this thread in the future. Link to comment Share on other sites More sharing options...
Sean S. Posted October 6, 2021 Share Posted October 6, 2021 This was extremely helpful and very clearly written.....thank you!!! One thing to add is that some folks might need to configure their proxy settings under "File"->"Settings"->"Proxy". Link to comment Share on other sites More sharing options...
Sammy Posted July 28, 2022 Share Posted July 28, 2022 Had a question on adding additional filters based on system & custom properties to the API call for fetching devices under SDT. Able to fetch device list using https://abc.logicmonitor.com/santaba/rest/sdt/sdts?filtertype:DeviceSDT But when trying to filter by OS and support region as below, the filters are not getting applied. https://abc.logicmonitor.com/santaba/rest/sdt/sdts?filtertype:DeviceSDT,system.collectorplatform:windows,customProperties.name:cp_region,customProperties.value:EMEA Link to comment Share on other sites More sharing options...
Stuart Weenig Posted August 1, 2022 Share Posted August 1, 2022 I think this is answered in our other thread It comes down to the fact that those attributes aren't contained in the response of /sdt/sdts, so you can't filter by them. Solution provided in the other thread. Link to comment Share on other sites More sharing options...
Jason Clemons Posted August 2, 2022 Share Posted August 2, 2022 Hoping someone can help me out here. Using Postman, I've been able to get it working fine for individual GETs no problem. My issue comes up with trying to work with flows. I've got a simple chain that is intended to go through the list of devices and get specific Device Alert Settings, as below: The first request (getting the list) works fine. The second request comes back with 401 Auth failed. Looking in the console, it appears to be due to flows not being allowed to update environment variables, so it's not correctly updating the auth variable as the pre-req script can't do it. Is there a known way of working around this restriction? I've tried rewriting the header in the specific request's pre-request script to no avail. Link to comment Share on other sites More sharing options...
Raja Posted December 25, 2022 Share Posted December 25, 2022 Hello Team, I'm trying to download the device configuration from the LM via API call, with the above instructions authentication is working and planning to construct the full url with response properties from base query. but when i'm using multiple environment variables in URL, it returning auth error. Please help . Manual URI - {{url}}/device/devices/18421/devicedatasources/388204/instances Response is good. Dynamically feeding data device source - {{url}}/device/devices/18421/devicedatasources/{{dds_id}}/instances Error message - {"data":null,"errmsg":"Authentication failed","status":1401} Link to comment Share on other sites More sharing options...
Recommended Posts