# curl: Authenticate to API using NETOSECRET

{% stepper %}
{% step %}

### ✅ Check Required Tools

Ensures jq, openssl, and base64 are installed. Exits with an error message if any are missing.

```bash
#!/bin/bash

# Step 1: Check prerequisites
for cmd in jq openssl base64; do
  if ! command -v "$cmd" >/dev/null 2>&1; then
    echo "❌ Required command '$cmd' not found. Please install it and retry." >&2
    exit 1
  fi
done
```

{% endstep %}

{% step %}

### 🔐 Load NETOSECRET Environment Variable

Checks if $NETOSECRET is set. If not, explains how to set it and exits.

```bash
# Step 2: Retrieve and validate NETOSECRET
if [ -z "$NETOSECRET" ]; then
  echo "❌ Environment variable NETOSECRET is not set." >&2
  echo "To retrieve this value from the Fusion Portal, see:" >&2
  echo "https://docs.netography.com/reference/create-a-netography-api-key" >&2
  exit 1
fi

netosecret=$NETOSECRET
```

{% endstep %}

{% step %}

### 📦 Decode and Extract Secret Fields

Decodes the base64 JSON and extracts appname, appkey, shortname, sharedsecret, and url using jq.

```bash
# Step 3: Decode the secret and extract fields using jq
decoded=$(echo "$netosecret" | base64 -d)
appname=$(echo "$decoded" | jq -r .appname)
appkey=$(echo "$decoded" | jq -r .appkey)
shortname=$(echo "$decoded" | jq -r .shortname)
sharedsecret=$(echo "$decoded" | jq -r .sharedsecret)
url=$(echo "$decoded" | jq -r .url)
```

{% endstep %}

{% step %}

### 🏗️ Construct JWT Header and Payload

Prepares the standard JWT header and payload with timestamps and identifiers.

```bash
# Step 4: Create JWT header and payload
header='{"alg":"HS256","typ":"JWT"}'
iat=$(date +%s)
# jti is a per-request token ID; $RANDOM is not a cryptographically secure source
jti=$((RANDOM * RANDOM))
payload=$(jq -nc \
  --arg appname "$appname" \
  --arg appkey "$appkey" \
  --arg shortname "$shortname" \
  --argjson iat "$iat" \
  --argjson jti "$jti" \
  '{iat:$iat,jti:$jti,appname:$appname,appkey:$appkey,shortname:$shortname}')
```

{% endstep %}

{% step %}

### 🔁 Define Base64URL Encoder

Defines a helper function to base64-encode in URL-safe format.

```bash
# Step 5: Define base64url encoding function
base64url() {
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}
```

{% endstep %}

{% step %}

### 📦 Encode Header and Payload

Encodes the header and payload using base64url.

```bash
# Step 6: Encode header and payload
header64=$(echo -n "$header" | base64url)
payload64=$(echo -n "$payload" | base64url)
```

{% endstep %}

{% step %}

### ✍️ Sign the JWT Payload

Uses openssl to sign the encoded header and payload with the shared secret (HMAC-SHA256), then joins the three parts into the final JWT.

```bash
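# Step 7: Create JWT signature and assemble the token
# Note: -hmac passes the shared secret as a command-line argument, which other
# local users can see in the process list while openssl runs.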
signature=$(printf "%s.%s" "$header64" "$payload64" \
  | openssl dgst -sha256 -hmac "$sharedsecret" -binary \
  | base64url)
jwt="${header64}.${payload64}.${signature}"
```

{% endstep %}

{% step %}

### 📤 Create JWT Request Token

Wraps the final JWT request token in a JSON body and sends it to the API's /auth/token endpoint with curl.

```bash
# Step 8: Request bearer token
token_response=$(curl -s -X POST \
  --url "${url}/auth/token" \
  -H "accept: application/json" \
  -H "content-type: application/json" \
  -d "$(jq -nc --arg jwt "$jwt" '{jwt:$jwt}')")
```

{% endstep %}

{% step %}

### 🔐 Request bearer Token from API

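The /auth/token API endpoint responds to the JWT request token sent with curl. If this is a valid API key, a bearer token is returned in the `access_token` field of the response, which jq extracts here (the result is empty if the field is absent).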

```bash
# Step 9: Output bearer token from "access_token" field
access_token=$(echo "$token_response" | jq -r '.access_token // empty')
```

{% endstep %}

{% step %}

### 🏁 Output bearer Token

If the API returned the bearer token, output it. This can then be used to authenticate subsequent API calls. Otherwise, print the response to stderr and exit with an error.

```bash
# Step 10: Print the bearer token, or report the failed response
if [ -n "$access_token" ]; then
  echo "$access_token"
else
  echo "❌ access_token not found in response:" >&2
  echo "$token_response" >&2
  exit 1
fi
```

{% endstep %}
{% endstepper %}
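
When the API rejects a request, the token built in Steps 4 to 7 can be checked locally by decoding its payload and recomputing the HMAC. The following is an added example, not part of the original recipe; the function names and the sample secret and claims are constructed for illustration.

```bash
#!/bin/bash
# Added example: verify locally an HS256 JWT built as in Steps 4-7.
# The secret and claims are constructed sample values, not a real NETOSECRET.

b64url_encode() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Inverse of b64url_encode: restore the standard alphabet and the stripped '=' padding.
b64url_decode() {
  local s
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | openssl base64 -d -A
}

# jwt_sign <secret> <header_json> <payload_json> -> prints header64.payload64.signature
jwt_sign() {
  local h p sig
  h=$(printf '%s' "$2" | b64url_encode)
  p=$(printf '%s' "$3" | b64url_encode)
  sig=$(printf '%s.%s' "$h" "$p" | openssl dgst -sha256 -hmac "$1" -binary | b64url_encode)
  printf '%s.%s.%s' "$h" "$p" "$sig"
}

# jwt_payload <token> -> prints the decoded payload JSON (middle segment)
jwt_payload() {
  local p="${1#*.}"
  printf '%s' "${p%%.*}" | b64url_decode
}

# jwt_verify <secret> <token> -> exit status 0 only if the token has three
# segments and its signature matches an HMAC recomputed over the first two.
jwt_verify() {
  local want
  case $2 in *.*.*.*) return 1 ;; *.*.*) ;; *) return 1 ;; esac
  want=$(printf '%s' "${2%.*}" | openssl dgst -sha256 -hmac "$1" -binary | b64url_encode)
  [ "${2##*.}" = "$want" ]   # plain string compare: fine for local debugging only
}

sample_secret='constructed-shared-secret'
sample_header='{"alg":"HS256","typ":"JWT"}'
sample_payload='{"iat":1700000000,"jti":12345,"appname":"demo-app","appkey":"demo-key","shortname":"demo"}'
sample_jwt=$(jwt_sign "$sample_secret" "$sample_header" "$sample_payload")
if jwt_verify "$sample_secret" "$sample_jwt"; then
  echo "signature OK, payload: $(jwt_payload "$sample_jwt")"
fi
```

A token that verifies locally but is still rejected points at the claims (for example a skewed `iat` from a wrong system clock) rather than at the signing steps.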


