Each cluster process listens for API calls using the following ports by default:
Should you wish to choose your own ports for the API, this can be handled by specifying the new ports in the tpm config using the following properties:
connector-rest-api-port=8096manager-rest-api-port=8090replicator-rest-api-port=8097
In APIv8 it is now mandatory to create the admin user via use of the rest-api-admin-user
and rest-api-admin-password options during installation.
Additional admin users can be created after installation if required, this can be achieved via the following methods:
Using CURL commands
The POST call will allow creation of additional users.
shell> curl -k --request POST --location 'https://host1:8096/api/v8/users?i-am-sure=true' \
--header 'Content-Type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"payloadType": "credentials",
"user":"tungsten2",
"pass":"security2"
}'
The PUT call can be used for password modification:
shell> curl -k --request PUT --location 'https://host1:8096/api/v8/users?i-am-sure=true' \
--header 'Content-Type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"value": "new-password"
}'
Using tapi
The tapi tool can make the creation of additional admin users simple and straightforward, the following example shows the use of this approach.
shell> tapi --create --host hostnamehere --create-user usernamehere --create-password passwordhere -v
Note that users created/modified through the curl and tapi calls only apply to the host on which the call was done. The same, identical call, will have to be re-run on each host of the cluster.
Usernames must NOT contain any of the following reserved characters: (space) ! # $ & ' ( ) * + , / : ; = ? @ [ ]
SSL is enabled by default and will use the same keystore, certificates and aliases as the cluster TLS ones.
You can specify them with java-tls-keystore-path and java-truststore-path tpm options,
or let tpm generate the certificates for you during installation.
For more detailed information on SSL, see Chapter 5, Deployment: Security
As previously mentioned, the API is enabled by default, listening only on localhost.
To disable the API, you will need to specify the following tpm options:
replicator-rest-api=false manager-rest-api=false connector-rest-api=false
or
rest-apis=false
To change the address that the API is listening on, you need to specify the following tpm options:
replicator-rest-api-address=0.0.0.0 connector-rest-api-address=0.0.0.0 manager-rest-api-address=0.0.0.0
or
rest-api-address=0.0.0.0
For more information on all of the tpm options for managing the API, see Section 11.1.4, “Summary of all API TPM options”