How can I log in to a Daml Hub service account via Postman?

gyorgybalazsi · November 3, 2021, 10:57am

In the Daml Hub documentation I can see the URL and a description here: https://hub.daml.com/docs/api#section/Service-Account-Allocation

I have specified a service account label and generated a secret, but I couldn’t find a description about how to actually submit the account id and the secret for the API call.

I have found a forum discussion where I learnt how I can submit the API call using cURL:

curl -v -X POST https://login.projectdabl.com/sa/login -u $CRED_ID:$CRED

As an analogy to this cURL command, I’m trying to do the call with Postman, selecting Basic Auth and submitting the service account label as Username, and the credential as Password.

I get the following error:

{
    "message": "invalid authentication credentials supplied"
}

I get the same error when I try to use the party id or the party name as Username.

Where is my mistake?

Alex_Matson · November 3, 2021, 1:15pm

Hi @gyorgybalazsi ,

The SA endpoint has been folded into the Application API, and we recommend upgrading to it. I confirmed that the call succeeds in Postman with Basic Auth when using the new route, which is hosted on https://{app_subdomain}.daml.app/.hub/v1/sa/login

app_subdomain above will be the ledger ID by default

Hope that helps!

gyorgybalazsi · November 3, 2021, 1:19pm

Actually I used tis URL when my attempt was unsuccessful.

So Basic Auth is ok, and what should exactly be Username and Password?

On the Daml Hub admin UI I can specify a service account label and get a credential generated.

Alex_Matson · November 3, 2021, 1:23pm

The generated credential from the UI is a string such as cred-f5e67f6f-da1f-4299-a31d-d0843ad8276a:Hc4GhANa5bqS28gf

This is separated into two parts by the colon. The first part is the Credential ID (cred-f5e67f6f-da1f-4299-a31d-d0843ad8276a), which will be the Username in the Basic Auth scheme, and the second part is the secret which is used for the Password (Hc4GhANa5bqS28gf)

gyorgybalazsi · November 3, 2021, 1:47pm

Thanks, it works in this way.

Another question: how does the update of the SA credentials happen every 30 days in practice? The sysadmin has to go to the website to generate the credentials (potentially lots of them) manually, and paste them into the app as an env variable? Or is there an API end point for this?

Alex_Matson · November 3, 2021, 1:54pm

Yep, there’s no API end point at present for programmatically refreshing the service account credential itself - it must be updated in the application manually at the end of the 30 days

gyorgybalazsi · November 3, 2021, 1:57pm

Thanks!

Topic		Replies	Views
Daml Hub Service Account Login Questions damlhub	9	217	June 1, 2022
Non-manual method for creating parties on DAML hub Questions damlhub	4	364	June 1, 2022
Generate DAML hub compatible token through UI Questions damlhub , react , ui , react-ui	3	214	November 21, 2022
How to obtain User Grant Access Token using DAML Hub site credentials? Questions damlhub	4	196	February 13, 2023
Can users log in to Daml Hub via mobile apps? Questions damlhub	4	202	November 23, 2021

How can I log in to a Daml Hub service account via Postman?

Related Topics