Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Gitlab API: How to generate the private token

This is what I tried:

curl http://git.ep.petrobras.com.br/api/v3/session --data-urlencode 'login=myUser&password=myPass'

Answer:

{"message":"401 Unauthorized"}

like image 368
rodvlopes Avatar asked May 13 '14 20:05

rodvlopes


People also ask

How do I get my API key token?

To generate an API tokenIn Admin Center, click Apps and integrations in the sidebar, then select APIs > Zendesk APIs. Click the Settings tab, and make sure Token Access is enabled. Click the Add API token button to the right of Active API Tokens. The token is generated and displayed.

How do I use a GitLab personal access token?

Navigate to “User Settings” > “Personal Access Tokens” and enter a name and, optionally, an expiration date: Read and write access to the repository should be sufficient for many use cases, but you can also pick additional scopes.


2 Answers

The problem is the data-urlencode CURL option. Since it's an HTTP POST you don't need to URL encode the data, and is actually encoding the & into & and causing your issue. Instead use the --data option.

curl http://git.ep.petrobras.com.br/api/v3/session --data 'login=myUser&password=myPass'

Also, be careful sending credentials over plain HTTP. It could be easily sniffed.

like image 82
Steven V Avatar answered Oct 01 '22 10:10

Steven V


This is how:

$ curl http://git.ep.petrobras.com.br/api/v3/session/ --data-urlencode 'login=myUser' --data-urlencode 'password=myPass'

The solution pointed out by Steven doesn't work if your username or password contains characters that have to be urleencoded. The name=content format will urlencode the content part (the name part has to be urlencoded but login and password are fine).

To actually retrieve the private_token you can pipe the output of curl into jq like this:

$ curl [as above] | jq --raw-output .private_token
x_the_private_token_value_x

This way you can easily use it in a shell script.

Also, as Steven pointed out already, please use https instead so that your password is not transmitted in clear text across the wire.

like image 33
josch Avatar answered Oct 01 '22 08:10

josch