Configuring the API
Network Ports
Each Tungsten Component listens for API calls using the following ports by default:
| Port | Component |
|---|---|
| 8090 | Manager |
| 8096 | Connector (Proxy) |
| 8097 | Replicator |
Should you wish to choose your own ports for the API, this can be handled by specifying the new ports in the tpm config using the following properties:
connector-rest-api-port=8096
manager-rest-api-port=8090
replicator-rest-api-port=8097
User Management
With our focus on security in the first release of the API, without any user created, only ping
and createAdminUser calls will be available. tpm makes it easy to create the administration
user at install through the following options:
rest-api-admin-user=tungsten
rest-api-admin-pass=secret
Once an admin user is created, all other APIs call will be available using basic HTTP authentication with that user/password.
If you haven't created the user as part of the initial installation, you can use the Dashboard GUI to do this if you use Tungsten Clustering, or use the CLI calls explained below.
If you plan to use the Dashboard GUI, you MUST ensure the API User has been created to allow the Dashboard to function correctly.
Using CURL commands
The createAdminUser call will allow creation and modification of REST API users.
shell> curl -k -H 'Content-type: application/json' --request POST 'https://127.0.0.1:8096/api/v2/createAdminUser?i-am-sure=true' > --data-raw '{
> "payloadType": "credentials",
> "user":"tungsten",
> "pass":"security"
> }'
{ "payloadType":"StringPayload",
"payloadVersion":"1",
"payload":{
"value":"https://127.0.0.1:8096/api/v2/user/tungsten"
}
}
Using tapi
The tapi tool can make the creation of the admin user simple and straightforward, the following example shows the use of this approach.
shell> tapi --create --host hostnamehere --create-user usernamehere --create-password passwordhere -v
Note that users created/modified through the curl and tapi calls only apply to the host on which the call was done. The same, identical call, will have to be re-run on each host of the cluster.
Usernames must NOT contain any of the following reserved characters: (space) ! # $ & ' ( ) * + , / : ; = ? @ [ ]
SSL/Encryption
SSL is enabled by default and will use the same keystore, certificates and aliases as the cluster TLS ones.
You can specify them with java-tls-keystore-path and java-truststore-path tpm options, or let tpm generate the certificates
for you during installation.
For more detailed information on SSL, see "Security for Tungsten Clustering" or "Security for Tungsten Replicator"
Enabling and Disabling the API
As previously mentioned, the API is enabled by default, listening only on localhost.
To disable the API, you will need to specify the following tpm options:
replicator-rest-api=false
manager-rest-api=false
connector-rest-api=false
To change the address that the API is listening on, you need to specify the following tpm options:
replicator-rest-api-address=0.0.0.0
connector-rest-api-address=0.0.0.0
manager-rest-api-address=0.0.0.0
For more information on all of the tpm options for managing the API, see "api-gettingstarted-tpm-options"