Hello, I am trying to obtain the disconnection and connection data in json format from icingaweb 2 (installed in debian 10) through a python code, for later it works with that data but when executing the code it gives me this error: urllib.error .HTTPError: HTTP Error 403: Forbidden, I leave you my code so that you can guide me.
It might need a wild card like events/* – if that doesn’t work, we could do a quick test and assign “all permissions” (just a simple wildcard as shown below):
If that works, great, then you can start with individual endpoint permissions, otherwise something else might be wrong (ie, typo in the creds for the api call).
Oh, after adding/changing the permissions, you will want to reload the Icinga2 configs.
None of that works :(, and according to me the call to the api is fine, isn’t there a way to create a new root object with a new password and use it for the api?
Be sure and change that password.
As always, reload Icinga2 systemctl reload icinga2 or systemctl restart icinga2
But if you tried adding all permissions to the icingaweb2 api user, and reloaded, and still get the error, then your creds are probably wrong in the script.
Not really related, but I have a plug for the icinga2apic library for Python. This could help clean up the script a little and is a pretty straight forward Python3 client for Icinga2
I’ll quote myself again
You are currently querying the Icinga Web 2 webinterface and not the Icinga2 Core API. So the API user doesn’t come into play here (or brutally speaking: it is useless for your scenario).
Try the query with your user you log into the webinterface with (maybe the default admin icingaadmin?).
If you instead want to run queries against the core API (https://localhost:5665/v1/…), for which that user and the permissions are needed (as @steaksauce already explained):
See the API docs for more information and a step-by-step explanation.
Ooofff… It was so obvious (I thought you meant he was querying with a web user to the API), but I now notice that the URL in the request doesn’t have the API port
I have tried one of the url that appears in the api section of the icinga documentation and add it to my script, since I tried in different ways but I kept getting using the aforementioned error, when adding the new url below I got the error:
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)>
Does anyone know what this error is due to? I read that it was related to obtaining an SSL certificate.
This is a urllib python package error, not directly related to Icinga. You would likely encounter this making an API call to any URL that has a self-signed cert. Places like this stack overflow post would be the best bet for a work around.
I think the requests package just gives you a warning when you make a call like this – the warning shows in the output, but doesn’t prevent you from making the call. Of course, that package has it’s own ways around the warning.