Boundary api questions

Hi!
I tested the following two APIs to get targets information.

In case 1, a token error occurs.
In case 2, a parameter violation error occurs.

I have two questions.

  1. How do I enter the Token parameter?
  2. How can I get target information using recursive?

case 1
curl -X GET “https://boundary.dev.in/v1/targets?recursive=false&scope_id=p_0kOeTqgOBb

case 1
curl -X GET “https://boundary.dev.in/v1/targets?recursive=true

Thanks!

Hello and thanks for your interest in Boundary. While it might be easier to use Boundary CLI to access these endpoints, you can still hit the API directly. Here are some tips:

  1. If you have a token, add it to the Authorization header of each request as a Bearer token.
  2. Even recursive requests require a scope from which to start. If you want to retrieve all resources of a given type recursively, try scope_id=global.

Hope this helps. Let me know if you have any other questions!

1 Like

Hi! @randallmorey

Thanks for the reply

I solved it, but I have two questions.
And I know the CLI is easy, but I want to write automated scripts and provide them to users.

  1. I am trying to login to OIDC through the API. But I didn’t understand the PARAMETERS value.
    I have used the Authenticate API, but I am getting an error. What do I need to fix?
    curl -X POST “https://boundary.dev.in/v1/auth-methods/amoidc_eSqnNDWPzZ:authentication”
    {“kind”:“InvalidArgument”, “message”:“Invalid fields provided in request.”, “details”:{“request_fields”:[{“name”:“command”, “description”:" Invalid command authentication method type."}]}}%

  2. Can’t I use “boundary connect ssh” using the API?

Thanks!

Connecting to a target requires a local Boundary CLI binary or Boundary Desktop. On connect, Boundary launches a local proxy. It cannot be achieved entirely through the API. Since the CLI is required, we recommend leveraging it to perform authentication flows as well.

Boundary Authentication via the API

The custom method is :authenticate. The POST request to an authenticate endpoint must contain a body which includes the “command”. For example:

POST /v1/auth-methods/amid_1234:authenticate
{command: 'start'}

Which returns the OIDC URL where the user must complete the authentication flow, as well as a token_id which may be used to poll the Boundary controller for the authentication token:

{
  attributes: {
    auth_url: 'https://www.duckduckgo.com',
    token_id: 'token_1234'
  }
}

Once the user flow is kicked-off, you may poll the controller to see if the token is available (it is only available after the user has completed the flow):

POST /v1/auth-methods/amid_1234:authenticate
{
    "command": "token",
    "attributes": {
        "token_id": "token_1234"
    }
}

If the token is not available, an empty response is returned. When the token is available, you will receive a response similar to:

{
    "attributes": {
        "scope": {
            "scope": {
                "id": "global",
                "type": "global"
            },
            "id": "sid_1234",
            "authorized_collection_actions": {},
            "authorized_actions": [],
            "type": "org",
            "disabled": true,
            "updated_time": "",
            "created_time": "",
            "description": "Towels",
            "name": "monitor Security Cheese",
            "primary_auth_method_id": "auth-method-id-2"
        },
        "id": "token123",
        "token": "thetokenstring",
        "account_id": "1",
        "user_id": "user123",
        "auth_method_id": "authmethod123",
        "created_time": "",
        "updated_time": "",
        "last_used_time": "",
        "expiration_time": ""
    }
}
1 Like

Hi @randallmorey,
I’ve solved it.
Thanks!