User Provisioning API
The Provisioning API allows administrators to automate creating and provisioning user and service accounts, and enable Sysdig applications at scale for users.
For example, you can programmatically onboard users and configure their accounts by using a method of your choice without having to verify their email addresses.
The two primary flows for add passwords are:
Provision a user that is a real person:
- Create the user
- Leave the password blank
- Tell the user to login and reset the password
Provision a user as a service account, someone that doesn’t login
- Create the user
- Put a password in that only the admin knows, or is stored in something like Vault
- Use that password to build an api service without ever logging in
Prerequisites
Requires Administrator permissions (the
admin
role).An API client is installed.
The examples in this topic use simple HTTP calls.
Overview
When this API call is made, the following happens:
If the call is successful, the user is created as specified.
The user is added to the default team with the role defined in the team.
REST Resource: Provisioning
POST /api/user/provisioning/
Authorization: {{token}}
Content-Type: application/json
{
"username": "user@company",
}
See Sysdig REST API Conventions for generic conventions and authentication.
Request Parameters
Field | Description |
---|---|
Username (mandatory) | String The username should be in the format of an email address. The email address need not be functional. |
Password (optional) | String The password associated with the username you have provided. |
First and Last Name (optional) | String The first and last name of the account. |
Response Parameters
Field | Description |
---|---|
User data | The user data such as user plan. |
Token | The unique token string association with the user created. |
Sample Request: REST
REST
POST /api/user/provisioning/
Authorization: {{token}}
Content-Type: application/json
{
"username": "user@domain.tld",
}
Python SDK
from <sdc_url> import SdMonitorClient
api_token = "<your_api_token>"
client = SdMonitorClient(token=api_token,sdc_url="https://<backend-url>")
ok, user = client.create_user(user_email='user@domain.tld')
if ok:
print(user['token'])
Sample Response
The response consists of a standard user model response and the API token for the user.
{
"user": {
...<user data: ...see JSON Representation>
},
"token": {
"key": "<user_key>"
}
}
JSON Representation
The samples given below describes the user Provisioning API response in JSON format.
HTTP/1.1 201 Created
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Date: Mon, 01 Feb 2021 17:55:02 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip
Strict-Transport-Security: max-age=15768000
Set-Cookie: INGRESSCOOKIEAPI=0190df6e720daaa9; path=/; HttpOnly
{
"user": {
"termsAndConditions": false,
"timezone": "+00:00",
"pictureUrl": "http://www.gravatar.com/avatar/fec77cc55cf4ba4176609cfec69a25d6",
"customerSettings": {
"sysdig": {
"enabled": false,
"enabledSSE": false,
"buckets": []
},
"plan": {
"maxAgents": 0,
"onDemandAgents": 0,
"maxTeams": -1,
"timelines": [
{
"from": null,
"to": null,
"sampling": 10000000
},
{
"from": null,
"to": null,
"sampling": 60000000
},
{
"from": null,
"to": null,
"sampling": 600000000
},
{
"from": null,
"to": null,
"sampling": 3600000000
},
{
"from": null,
"to": null,
"sampling": 86400000000
}
],
"metricsSettings": {
"enforce": false,
"showExperimentals": false,
"limits": {
"jmx": 500,
"statsd": 1000,
"appCheck": 500,
"prometheus": 1000,
"prometheusPerProcess": 500,
"connections": 80,
"progAggregationCount": 12,
"appCheckAggregationCount": 12,
"promMetricsWeight": 0.0,
"topFilesCount": 10,
"topDevicesCount": 10,
"hostServerPorts": 10,
"containerServerPorts": 5,
"limitKubernetesResources": false,
"kubernetesPods": 10000,
"kubernetesJobs": 10000,
"containerDensity": 200,
"meerkatSuited": false
},
"enforceAgentAggregation": false,
"enablePromCalculatedIngestion": true
},
"secureEnabled": true,
"monitorEnabled": true,
"allocatedAgentsCount": 25,
"subscriptionState": "active",
"paymentsIntegrationId": {
"id": "19656859",
"ttl": {
"ttl": 3
}
},
"pricingPlan": "pro",
"indirectCustomer": true,
"trialPlanName": "monitor-14",
"partner": "None",
"overageAssessmentEligible": true
},
"environment": {}
},
"customer": {
"id": 1,
"name": "sdc-admin",
"accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
"externalId": "a674xxxx-xxxx-xxxx-xxxx-8247bd29xxxx",
"dateCreated": 1428687374000
},
"oauth": false,
"agentInstallParams": {
"accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
"collectorAddress": "collector.domain.tld",
"collectorPort": 6443,
"checkCertificate": true,
"sslEnabled": true
},
"properties": {
"has_been_invited": true
},
"resetPassword": false,
"additionalRoles": [],
"teamRoles": [
{
"teamId": 2674,
"teamName": "Full Infrastructure",
"teamTheme": "#7BB0B2",
"userId": 48199,
"userName": "user@domain.tld",
"role": "ROLE_TEAM_EDIT",
"admin": false
}
],
"lastUpdated": 1612202103000,
"dateActivated": 1612202103000,
"accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
"enabled": false,
"version": 1,
"id": 48199,
"products": [
"SDC"
],
"systemRole": "ROLE_USER",
"username": "user@domain.tld",
"status": "registered",
"dateCreated": 1612202103000
},
"token": {
"key": "<user_key>"
}
}
Example Account Creation without Activation Email
Sample Curl Command
curl -k -XPOST -H 'Authorization: Bearer 69a4xxxx-xxxx-xxxx-xxxx-4e942401xxxx' \
-H 'Content-Type: application/json' \
-d '{"username": "user@domain.tld", "password": "abc123"}' \
https://<backend-url>/api/user/provisioning/
Sample Result
{
"user":{
"termsAndConditions":true,
"timezone":"+00:00",
"pictureUrl":"http://www.gravatar.com/avatar/4b760b68a17be552fcc8b04503af80ca",
"customerSettings":{
"sysdig":{
"enabled":false,
"enabledSSE":false,
"buckets":[
]
},
"plan":{
"maxAgents":50,
"onDemandAgents":0,
"maxTeams":-1,
"timelines":[
{
"from":null,
"to":null,
"sampling":10000000
},
{
"from":null,
"to":null,
"sampling":60000000
},
{
"from":null,
"to":null,
"sampling":600000000
},
{
"from":null,
"to":null,
"sampling":3600000000
},
{
"from":null,
"to":null,
"sampling":86400000000
}
],
"metricsSettings":{
"enforce":false,
"showExperimentals":false,
"limits":{
"jmx":500,
"statsd":1000,
"appCheck":500,
"prometheus":1000,
"prometheusPerProcess":500,
"connections":80,
"progAggregationCount":12,
"appCheckAggregationCount":12,
"promMetricsWeight":0.0,
"topFilesCount":10,
"topDevicesCount":10,
"hostServerPorts":10,
"containerServerPorts":5,
"limitKubernetesResources":false,
"kubernetesPods":10000,
"kubernetesJobs":10000,
"containerDensity":200,
"meerkatSuited":false
},
"enforceAgentAggregation":true,
"enablePromScrapeV2":true
},
"secureEnabled":true,
"monitorEnabled":true,
"allocatedAgentsCount":15,
"paymentsIntegrationId":{
"id":"not migrated",
"ttl":{
"ttl":50
}
},
"pricingPlan":"onpremise",
"indirectCustomer":false,
"trialPlanName":"monitor-14",
"partner":"None",
"licenseExpirationDate":1677888000000,
"migratedToV2Direct":false,
"overageAssessmentEligible":false
},
"environment":{
}
},
"customer":{
"id":1,
"name":"<company-name>",
"accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
"externalId":"a79dxxxx-xxxx-xxxx-xxxx-2da0f75dxxxx",
"dateCreated":1646363720071
},
"oauth":false,
"agentInstallParams":{
"accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
"collectorAddress":"collector.domain.tld",
"collectorPort":6443,
"checkCertificate":true,
"sslEnabled":true
},
"properties":{
"has_been_invited":true
},
"resetPassword":false,
"additionalRoles":[
],
"teamRoles":[
{
"teamId":2,
"teamName":"Secure Operations",
"teamTheme":"#7BB0B2",
"userId":3,
"userName":"user@domain.tld",
"role":"ROLE_TEAM_EDIT",
"admin":false
}
],
"lastUpdated":1647395152277,
"dateActivated":1647395152231,
"accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
"enabled":true,
"version":1,
"status":"confirmed",
"systemRole":"ROLE_USER",
"products":[
"SDS"
],
"username":"user@domain.tld",
"dateCreated":1647395152238,
"name":"user@domain.tld",
"id":3
},
"token":{
"key":"<user_key>"
}
}
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.