API authentication using user name and password is it possible?

The octo.exe provides a way to authenticate using a user name and a password, is it possible to do the same via the rest APIs?

Hi @Picante

Thanks for getting in touch! In order to use the REST API, you do need to create an API key first.

Two members of our Solutions team ran a webinar last week on using the API that goes over all of this and more in great detail that may be worth watching if you haven’t already - you can watch that here Using the Octopus API to save time by automating repetitive tasks - YouTube

I hope this helps!


Thanks Stuart, because of the day that I would like to integrate with Octopus and for security reasons I would prefer that a user entered their credentials. Since I have read that Octopus is built API-first, would I be right to assume that the Octo.exe app uses the API interface to authenticate using user names and passwords? Or would you be able to comment if perhaps the octopus.client dot net client allows that.

Hi @Picante

The Octopus CLI uses an API key to authenticate - you can read more about that here. I believe the only way to authenticate using a name/password is by using the Octopus UI through a browser.

API keys have the same permissions as the account that the key belongs to. For example, if the key is created on an admin’s account, the key will have admin permissions. If the account is removed from the admin team, the API key will lose those permissions. If it’s added to other teams, it will gain those permissions.

It sounds like using a service account may be a good idea for you. These are API-only accounts that you can assign to specific teams. You can then create an API key for the service account and use that where it’s needed without relying on a normal user’s account.

Would that work for you?


Thanks Stuart, for security reasons an API key would not be suitable. But I think I have come up with a solution.
In my situation the interaction with the Octopus should not be complex so I decided to just make calls to the Rest API directly since I only need to trigger a deployment.

It appears that there is a way to authenticate against the api/users/login then you get a session with an auth cookie, then I can use this in further requests.
To contribute to this forum, just in case it might help someone, I am including the relevant section of my powershell script.



#Prompt for Creds
if ([System.String]::IsNullOrEmpty($Creds)){
$Creds=Get-Credential -UserName $env:UserName -Message “Enter Creds for $ESBaseURL”
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Creds.Password)
$ClearTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

#request body to send in first request

$req_body_str= ConvertTo-Json -InputObject $req_body -Depth 100 -Compress

#Auth and store Sessoin information with auth cookies in $outpuSession
$login_req = Invoke-RestMethod -Uri “$base_uri/users/login” -Method Post -ErrorVariable octoError -ContentType ‘application/json’ -Body $req_body_str -SessionVariable outpuSession

#Get project by name
$projects = Invoke-RestMethod -Uri “$base_uri/projects?partialName=$([uri]::EscapeDataString($projectName))&skip=0&take=100” -Headers $headers -ErrorVariable octoError -WebSession $outpuSession
$project = $projects.Items | Where-Object { $_.Name -eq $projectName }
Write-Host “Using Project named $($project.Name) with id $($project.Id)”

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.