Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

  • Hi guys,

    Just wondering if there is a generic guide on accessing the REST API. So far I have already been through the posts here, here and here, but still can't manage to get it working.

    I'm using mango 2.8.4, and Python 3.x with Requests library. Any suggestion would be much appreciated. Thanks.

    Warm regards,
    Michael


  • Hi Michael,

    Probably the most useful post would have been here but I have cleaned it up (Woody's removal of the password header doesn't work, and I like newlines in my prints usually) and reproduced it below:

    #!/usr/bin/python
    
    import requests
    
    s = requests.Session()
    s.headers.update({'Accept': 'application/json', 'Accept-Encoding': 'gzip,deflate,sdch', 'password': 'admin'});
    
    #Show session headers
    print s.headers, "\n\n"
    
    r = s.get('http://localhost/rest/v1/login/admin');
    #r = s.get('http://localhost:8080/rest/v1/login/admin');
    #Show headers sent
    print r.request.headers, "\n\n"
    
    #Show Login response JSON
    print r.text, "\n\n"
    
    #Remove password from headers
    del s.headers["password"]
    
    #you may need to set your X-Xsrf-Token header from the cookie, if so uncomment next line.
    #s.headers["X-Xsrf-Token"] = s.cookies["XSRF-TOKEN"]
    
    #Show all data points
    r = s.get('http://localhost/rest/v1/data-points');
    print r.text, "\n\n"
    

  • @phildunlap that worked brilliantly! cheers. -Michael


  • For anyone still having issues logging in, I could only see the v2 login option on my swagger and decided to tackle it. I am a COMPLETE beginner to Python but it was very frustrating to figure this out, so I thought I'd post it:

    #!/usr/bin/python
    
    import requests
    
    s = requests.Session()
    
    s.headers.update({'Accept': 'application/json', 'Accept-Encoding': 'gzip,deflate,sdch'});
    
    s.headers["X-Xsrf-Token"] = s.cookies["XSRF-TOKEN"]
    
    #print s.headers
    
    r = s.post('http://localhost/rest/v2/login',data='{"username":"admin","password":"yourPasswordHere"}')
    

    I receive <Response [200]> when I send this, and 403 when I do it any other way. Hope this helps someone!


  • Thanks for contributing what you got it working with!


  • @phildunlap Alright I'm sure you never tire of hearing from me, but I can't figure this out...I can successfully log in, and even though I continue using the same session (afaik), I can't seem to do anything but login. I'm sure it's my fault, but ... please help!

    #!/usr/bin/python
    
    import requests
    
    s = requests.Session()
    
    s.headers.update({'Accept': 'application/json', 'Accept-Encoding': 'gzip,deflate,sdch'})
    
    r = s.get('http://localhost/')
    s.headers["X-Xsrf-Token"] = s.cookies["XSRF-TOKEN"]
    print(s.headers)
    
    r = s.post('http://localhost/rest/v2/login',data='{"username":"admin","password":"yourPasswordHere"}')
    print(r)
    r = s.get('http://localhost/rest/v2/event-types')
    print(r)
    

    outputs:

    {'Connection': 'keep-alive', 'User-Agent': 'python-requests/2.4.3 CPython/2.7.9 Linux/3.10.82+', 'X-Xsrf-Token': 'c5bb2d4c-bf26-46da-ae68-ac1543f9fbd4', 'Accept': 'application/json', 'Accept-Encoding': 'gzip,deflate,sdch'}
    <Response [200]>
    <Response [401]>
    

  • Best not to worry about my internal state! It's an invitation for me to reflect on that, not the issue at hand, and nobody wants that!

    I fixed up your script below. Notably, you have to supply an XSRF token on your request to the login page, then change that token based on the response. You are setting the header from the login response before you log in! There is also the mysterious r = s.get('http://localhost/') that isn't doing anything good, and the content-type needed to be set for the POST, like,

    #!/usr/bin/python
    
    import requests
    
    s = requests.Session()
    
    s.headers.update({'Cookie':'XSRF-TOKEN=dc1d54de-fab1-4405-8ccb-ea677aadf7ca','X-Xsrf-Token':'dc1d54de-fab1-4405-8ccb-ea677aadf7ca','Accept': 'application/json', 'Accept-Encoding': 'gzip,deflate,sdch'})
    s.headers["Content-Type"] = "application/json"
    r = s.post('http://localhost/rest/v2/login',data='{"username":"admin","password":"yourpasswordhere"}')
    print(r.headers)
    
    del s.headers["Cookie"]
    del s.headers["X-Xsrf-Token"]
    s.headers.update({"X-Xsrf-Token": s.cookies["XSRF-TOKEN"]})
    del s.headers["Content-Type"]
    print(s.headers)
    
    r = s.get('http://localhost/rest/v2/event-types')
    print(r.text)
    

    The value I supplied for the initial cookie doesn't matter, it just needs to match the X-Xsrf-Token header along with it.


  • @phildunlap Thank you! Firstly, it worked. Secondly, I added that mysterious get line to add the cookies to the request, and it seemed to work since I got the 200 response, but not in the "correct" way ? The requests looks really weird to me, but it works! Yay! Thank you!


  • Ah! That would probably work, I never thought of getting the login page to have it set the cookie in the script. It may only have been setting the Content-Type header that was missing.


  • @phildunlap Ah! Well, this way creates less requests, so it's better anyways! Glad to know I wasn't crazy, just lazy =P


  • For anyone reading this thread, if you use Mango v3.3 you can now generate JWT authentication tokens from the users page on the new UI and use these to authenticate instead of logging in from your script.

    You do not need to use any CSRF/XSRF protection cookies/headers when using JWT authentication.

    Just set the one header on every request -
    Authorization: Bearer <token>