API Introduction

JumpServer provides authentication interfaces and rich API endpoints for automated operations, integration, and management.

API Access

API Authentication Types

Session

After logging into JumpServer, you can directly use <session_id> as an authentication method, obtained as follows

For example,Create assets in python

import requests
 
url = "http://loaclhost/api/v1/assets/hosts/"
querystring = {"platform":"1"}
 
payload = {
    "platform": {"pk": 1},
    "nodes": [{"pk": "70c0cf0e-c841-440d-854b-f820847e4cca"}],
    "protocols": [
        {
            "name": "ssh",
            "port": 22
        }
    ],
    "labels": [],
    "is_active": True,
    "name": "RULEhedan",
    "address": "10.0.10.1",
    "accounts": []
}
 
cookies = {
        'jms_sessionid': 'bsdbocm1nadjgkb016ov4v2evjfwgsxn',
        'jms_csrftoken': 'jHJWRcQRGo94yqLSFUY7tuMbaKTp37I8'
    }
 
headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'X-JMS-ORG': '00000000-0000-0000-0000-000000000002',
        'X-Csrftoken': 'jHJWRcQRGo94yqLSFUY7tuMbaKTp37I8'
    }
 
response = requests.post(url, headers=headers, cookies=cookies,json=payload,params=querystring)
print(response.text)

Token: A one-time token valid for 24 hours, obtained as follows

curl -X POST https://localhost/api/v1/authentication/auth/ -H 'Content-Type: application/json' -d '{"username": "admin", "password": "passwd"}'

For example, getting the asset list

import requests
 
url = "http://loaclhost/api/v1/assets/platforms/"
 
querystring = {"category":"host","offset":"0","limit":"100","display":"1","draw":"1"}
headers = {"Authorization": "Bearer uXJ6He7P8TGPEiSbC98z6jB6f15HV1aTWuuz"}
 
response = requests.request("GET", url, headers=headers, params=querystring)
 
print(response.text)

Private Token: A permanent token that never expires, needs to be obtained by accessing the bastion host server

docker exec -it jms_core /bin/bash
 
cd /opt/jumpserver/apps
 
python manage.py shell
 
from users.models import User
u = User.objects.get(username='admin')
print(u.create_private_token())
EOF
u.private_token

For example, getting asset authorizations

import requests
 
url = "http://loaclhost/api/v1/perms/asset-permissions/"
 
querystring = {"asset":"","node":"","offset":"0","limit":"100","display":"1","draw":"1"}
headers = {"Authorization": "Bearer uXJ6He7P8TGPEiSbC98z6jB6f15HV1aTWuuz"}
 
response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)

Access Key: An access key that needs to be created in <Your profile> under <Access Key> after logging into the bastion host

For example,Create assets in python

import requests
from httpsig.requests_auth import HTTPSignatureAuth
 
KEY_ID = '2e94d229-0025-4ab5-bef7-adb31ad4f300'
SECRET = '68068a5e-3a82-4503-ac73-c3101581d81f'
 
signature_headers = ['(request-target)', 'accept', 'date', 'host']
 
headers = {
  'Accept': 'application/json',
  'Date': "Mon, 22 Dep 2023 18:35:05 GMT"
}
auth = HTTPSignatureAuth(key_id=KEY_ID, secret=SECRET,
                       algorithm='hmac-sha256',
                       headers=signature_headers)
 
payload = {
    "platform": {"pk": 1},
    "nodes": [{"pk": "70c0cf0e-c841-440d-854b-f820847e4cca"}],
    "protocols": [
        {
            "name": "sftp",
            "port": 22
        },
        {
            "name": "ssh",
            "port": 22
        },
    ],
    "labels": [],
    "is_active": True,
    "name": "class_new1",
    "address": "10.0.10.1",
    "accounts": []
}
 
 
req = requests.post('http://loaclhost/api/v1/assets/hosts/',json=payload,auth=auth, headers=headers)
print(req.content.decode('utf-8'))