Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-9123

Get and use Bearer Token for HTTP Agent items

XMLWordPrintable

    • Icon: New Feature Request New Feature Request
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • None
    • Frontend (F)

      Dear Zabbix Team,

      I have some use cases, in which I have to interact with different API interfaces (not Zabbix, just some random external services over the internet). Some modern web API interfaces are not accepting anymore username&password pairs to query data, only a long Bearer token is accepted after the initial authentication. Zabbix does support the initial authentication by using a normal HTTP Agent item, but by default it can not store the received token, which would be essential for the next steps. Since the current logic does not allow to store an item value as a macro, there is no trivial solution for this. This problem exists if a token can not have unlimited lifetime or your security policies forbid to use such.

      I see the following workarounds for this problem:

      • A global or template macro could be updated from time to time by using Zabbix API executed by a cronjob / timer, but it is pretty ugly.
      • Same as above, just by using a javascript preprocessing: https://blog.zabbix.com/maintaining-zabbix-api-token-via-javascript/15561/
      • Web scenarios have also a bit of potential, but such can not be used for dependent items.
      • An initial “wrapper“ template is required, which can transform the token request response to formulate a JSON array (by nesting the data into [{}] + dummy name value pair for the host prototype name), which can be then processed by a discovery. The discovery can store the token as an LLD macro, which can be then passed down by using a host prototype. This wrapper template can result a host object, where the token is already stored as a host macro. By using the right update interval in the wrapper the host can always get a valid token before the expiration time.

      Personally I use the latter option, which works pretty well, but it is still a hack.

      As already discussed within the customer support portal (GL-9124) this is not in the pipeline yet. 

      Without too much thinking (and without knowing well the Zabbix source code and it’s current limits) I think the same methodology what you have by “Populates host inventory fields” would be the best to store the Bearer token. Either Zabbix could enable to use the inventory values in items (not possible at the moment) or develop something similar by storing the token (or any value) within a macro. But I am not the right person to define that, I just wanted to give an example what could be an user friendly approach.

      I am confident that such a functionality would be highly welcomed by the community, especially for people, who are frequently interacting with APIs.

      This ticket was created to make this "missing feature" more visible for the community and to get some votes for it's implementation. Many thanks in advance for your efforts!

      Best regards,
      Tibor Volanszki

            vmurzins Valdis Murzins
            tibor.volanszki Tibor Volanszki
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: