Forum Discussion

TomRobijns's avatar
TomRobijns
Icon for Contributor III rankContributor III
28 days ago

No documentation on how to logon/logoff when using gql directly

The documentation about the ScienceLogic GraphQL API only mentions a login procedure when using the /gql endpoint. There is no information about how to log on (or log off) on the ScienceLogic platform and then use the API.

Link to the documentation: https://docs.sciencelogic.com/latest/Content/Web_Content_Dev_and_Integration/GraphQL_API/graphql_introduction.htm#authentication-and-user-access

For Logon, I have found a way to achieve this:

  • execute a GET request to <platformURI>/authenticate with basic authentication, using a valid SL1 Local user information.
  • From the response received, save the cookie information for later

Any subsequent call to the /gql endpoint (inserting the cookie information on each request) allows me to execute gql queries/mutations. I can also reuse that same cookie information if I want to execute REST API actions.

However, I do not succeed in 'forcing' a logoff from my previously created session: whatever I do, my session remains active and usable in the System > Monitor > Audit Logs. Only when I explicitly kill the session in that screen is my session invalid and I must login again.

Can this be added to the documentation please?

  • Hi Tom. Are you trying to log on and log off using the user interface (SL1)? The log on steps are here:

    We can add a step to return to SL1 by deleting /gql from the URL. Then you can log out of SL1 to close out of everything.

    Or is the issue that graphql stays up and running even after you log out of the SL1 user interface?

    Thanks,

    Mike

  • TomRobijns's avatar
    TomRobijns
    Icon for Contributor III rankContributor III

    Hi Mike,

    I am looking for a way to log on/log off without using the UI, so I can use that in scripts that interact with ScienceLogic.

    With the ui, I can indeed log on, go to the /gql endpoint and when I'm done I remove the /gql endpoint to click the log off button top right. When I use this, I can see my session starts and ends correctly.

    When logging on (in a script, not the UI) using the /authenticate endpoint, I successfully retrieve a session token I can use. But I have not been able to do a good logoff call (which supposingly should be a call to /authenticate/logoff?expired=false with my token): my session is still active and I can reuse it for the next couple of hours

    • Mike_Jasper's avatar
      Mike_Jasper
      Icon for Moderator rankModerator

      Okay, thanks for clarifying. I'll do some checking and let you know. Thanks!

  • Hi Tom. Here's more info from Engineering:

    When logging using a script, they should be passing basic authentication credentials in the header, not using sessions.

    You should not need to you use the SL1 `/authenticate` endpoint to log into the api. Sending basic auth should work.

    In the Halwa AP2 release (coming soon), the GraphiQL interface has been moved into the AP2 UI, where it should have been from the start. From Halwa on, scripts will be able to call the `/gql` endpoint, but the UI will not be available. This may make documentation easier as the user no longer has to differentiate between viewing the graphiql interface (which needs a session) and making api calls at the same endpoint; `/gql`.

    Let us know if you have any other questions, Tom.

    Best,

    Mike

  • TomRobijns's avatar
    TomRobijns
    Icon for Contributor III rankContributor III

    Hi Mike,

    I don't mind using basic authentication, however if I run a script which needs to do several iterations (eg. get all cpu data from all 200 windows servers in batches of 10), I have created 20 sessions, which stay active until they expire (in our case in 8 hours).

    I just verified this by trying to run a simple gql "{ account (id:"_self") { id user }}" 10 times ==> I get 10 separate sessions and they all stay there:

    The main reason I use the /authenticate option is to ensure all subsequent calls are done with the same session, as I have seen scenario's where an interface no longer worked because of too many active sessions for that user...