Configuring the API
Network Ports
Each Tungsten Component listens for API calls using the following ports by default:
| Port | Component |
|---|---|
| 8090 | Manager |
| 8096 | Connector (Proxy) |
| 8097 | Replicator |
Should you wish to choose your own ports for the API, this can be handled by specifying the new ports in the tpm config using the following properties:
connector-rest-api-port=8096
manager-rest-api-port=8090
replicator-rest-api-port=8097
User Management
In APIv8 it is now mandatory to create the admin user via use of the rest-api-admin-user and rest-api-admin-password options during installation.
Additional admin users can be created after installation if required, this can be achieved via the following methods:
Using CURL commands
The POST call will allow creation of additional users.
shell> curl -k --request POST --location 'https://host1:8096/api/v8/users?i-am-sure=true' --header 'Content-Type: application/json' --header 'Authorization: ••••••' --data '{
"payloadType": "credentials",
"user":"tungsten2",
"pass":"security2"
}'
The PUT call can be used for password modification:
shell> curl -k --request PUT --location 'https://host1:8096/api/v8/users?i-am-sure=true' --header 'Content-Type: application/json' --header 'Authorization: ••••••' --data '{
"value": "new-password"
}'
Using tapi
The tapi tool can make the creation of the admin user simple and straightforward, the following example shows the use of this approach.
shell> tapi --create --host hostnamehere --create-user usernamehere --create-password passwordhere -v
Note that users created/modified through the curl and tapi calls only apply to the host on which the call was done. The same, identical call, will have to be re-run on each host of the cluster.
Usernames must NOT contain any of the following reserved characters: (space) ! # $ & ' ( ) * + , / : ; = ? @ [ ]
SSL/Encryption
SSL is enabled by default and will use the same keystore, certificates and aliases as the cluster TLS ones.
You can specify them with java-tls-keystore-path and java-truststore-path tpm options, or let tpm generate the certificates
for you during installation.
For more detailed information on SSL, see "Security for Tungsten Clustering" or "Security for Tungsten Replicator"
Enabling and Disabling the API
As previously mentioned, the API is enabled by default, listening only on localhost.
To disable the API, you will need to specify the following tpm options:
replicator-rest-api=false
manager-rest-api=false
connector-rest-api=false
or
rest-apis=false
To change the address that the API is listening on, you need to specify the following tpm options:
replicator-rest-api-address=0.0.0.0
connector-rest-api-address=0.0.0.0
manager-rest-api-address=0.0.0.0
or
rest-api-address=0.0.0.0
For more information on all of the tpm options for managing the API, see "api-gettingstarted-tpm-options"