How to set pubapi password?

Hi,

I want to create channels, security definitions etc. using the Zato public API.
I need to provide a username/password combination to use the API.

The username is the well known ‘pubapi’.
However the password is automatically set and it seems cannot be changed without knowing the password.

Do you know of an automated solution (other than fetching the password from the database)?

regards,
Leo

Hi Rafal,

Thanks for responding, I hope you can help.

I’m afraid that in order to use zato.security.basic-auth.change-password to change the password for the pubapi user I need to authenticate using pubapi.

So I need to know the automatically created password in order to change it.
Its a catch 22.

Leo

Is it a strict requirement that it be done remotely?

Can the initial call, the one to change the password, be done from command line and subsequent ones would be through the API?

Services can be invoked from command line, which is documented below, and the command line client knows itself how to get hold of the password:

https://zato.io/docs/admin/cli/service-invoke.html

By the way, you can naturally change the password from web-admin as well:

https://zato.io/docs/web-admin/security/basic-auth.html

But I’m just assuming that you are looking for an automated means - otherwise, web-admin will be the most convenient option.

So far I used the web interface to setup Zato.
It works well for experimentation.
But now I want to roll out services using git version tags and Ansible.

So part of installing a service is a script that checks that the required entities (channels, security definitions, roles and whatnot) are present and configured correctly for the service.
And thus I need to know the password for pubapi.

Since this script can access the database it can find the password.
But that is not the proper way in my opinion.
So I tried to find a way to control the password, preferably when Zato is installed using Ansible.

zato service invoke might let me do just that.
I’m going to give it a try first thing tomorrow morning.
Thanks for the pointer!
There is still a lot to learn about Zato.

Certainly, this is all understood and you are right that there is no need to manually update anything in the database.

It’s just that you need to somehow prove that you can access the environment:

  • In web-admin you log in with credentials that let you do it
  • From command line, you have access to the server from an SSH session so you are already authenticated
  • From API, you need to provide a password

So in your situation with Ansible, I would just go for command line to change the initial password and follow up with API calls that could now use the newly configured password.