Setup a PoC

Tom-Isaacson · December 16, 2024, 3:21am

I’m trying to setup a proof of concept using the Mender APIs but I can’t figure out where to configure the tenant token. I generated a public/private key using Sign and verify | Mender documentation and used it to call Mender API docs but I get “tenant token missing” in reply. I assume I need to upload the private key to the server but I can’t find any details for how to do that.

Also is “X-MEN-Signature” just supposed to be set to “string”?

Tom-Isaacson · December 16, 2024, 4:36am

I realised the body needs to contain tenant_token which is the value of Organization token from the web UI. My device appeared requiring authentication in the web UI and I approved it but I still get an error calling the API “signature verification failed”.

I tried setting X-MEN-Signature to ECDSA but got the same result. There’s nothing in the Audit Log of the web UI.

TheYoctoJester · December 16, 2024, 8:46pm

Hi @Tom-Isaacson,

Thanks for reaching out! Just so I can understand and hopefully help right: which API do you want to use? The tenant token is almost never needed, unless you want to write a custom client.

In the context of Mender, there are a number of tokens:

tenant: this one is constant and fixed for your whole organization. Its sole purpose is to correlated device authentication during the provisioning process to your organization.
session: a short-lived token that you can use for authenticating to API endpoints, but mostly superseded by personal access token since some time (see below).
personal access: allows authentication to API endpoints on the management backend. It is passed in the headers conceptually like this:

headers: {
	'Accept': 'application/json', # depending on endpoint
	'Authorization': 'Bearer ' + patToken, # patToken holds the token as string
	...other headers
}

Generally the APIs are used like this: Using the APIs | Mender documentation, and personal access tokens are specifically outlined at Using the APIs | Mender documentation.

Hope this helps, if not then please provide a bit more detail on the endpoint which you want to call.

Greetz,
Josef

Tom-Isaacson · December 16, 2024, 9:26pm

Ok, documentation is a bit poor. X-MEN-Signature is actually a signature as explained in How to write a custom client interfacing a Mender server. Documentation could do with an update.

My confusion now comes from all the different APIs being able to send custom data. That article says we need to call Device inventory with a minimum of device_type and the artifact_name. But this isn’t mentioned in the API spec? Then we can call Deployments v2 but this also includes additionalProperties. If I just add additionalProperties here I get 204 No Content so I assume I need to declare all additional properties in the inventory. But if this is the case why do I have the ability to add them to the Check Update call? Is this in case the values change?

Topic		Replies	Views
How to generate Device JWT token for hosted mender virtual device General Discussions	3	455	October 18, 2022
How to generate TenantToken for Production Mender Server General Discussions	4	668	July 31, 2019
Device Auth API Post Help General Discussions api	6	1636	February 18, 2020
What is Mender Tenant Token? General Discussions hosted-mender , tenant-token	3	1953	February 1, 2021
Identity Provider Login with API General Discussions	9	325	April 5, 2023

Setup a PoC

Related topics