Encrypting Password While REST API Call

Hi All,

I am initiating a REST API call on to clients. The requirement is that I first have to save the text file containing the API on the client location and then run it from there.

But the issue is that I have the username and the password in plain text. Is there any way that I can encode the username and password for the console admin?

Can you provide a bit more details on what you are trying to achieve?

Why do you have to save the credentials in a text file? Are you initiating this REST call using the BigFix agent via an actionscript? If so, you may be able to leverage secure parameters to avoid writing the credentials to a file.

Thanks for the reply Aram,

Basically, we are using the BigFix API to open an incident remotely from a client on a create click event.

For that, we have created a function to call the API, and that file contains the credentials.

Also, could you please brief about:
"you may be able to leverage secure parameters to avoid writing the credentials to a file."

See this thread around secure parameters: Help/Documentation With Using Secret Parameters in Fixlet. Given your description above however, I’m not certain it applies in this case.

Hi Aram,

Thanks for your reply -
Details -
We have created a client UI where, on one page, we have created a click event (button), so once the user clicks on that button the BigFix API will run and the action will be executed.

So in that API we have inserted the credentials for authentication so that we can run the action via API.

And we wanted to encrypt those credentials.

I don’t think it is a good idea to use the REST API from an arbitrary desktop using the same credentials. Which I guess is what you are trying to do. One reason is that the credentials you are going to distribute everywhere should be able to create an action, if I understand what you are trying to achieve. That means you are exposing your environment, and also your BigFix deployment, to major attacks.

A better approach could be to have your own back-end server receive the request to open a ticket, and honor ONLY that request, and that back-end server then uses the BigFix REST API for your needs.

Rosario.
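The back-end approach described in the reply above, as an added example that is not part of the original thread and not BigFix code: the desktop client sends only a ticket request, and the broker validates it against a single allowed operation before attaching credentials that exist only on the server. The request shape, the environment variable names, the placeholder upstream URL and the JSON payload are all assumptions made for illustration.

```python
import base64, json, os, re
from urllib.request import Request

# Assumptions (not from the thread): placeholder URL, env var names, field names.
UPSTREAM_URL = os.environ.get("BROKER_UPSTREAM_URL",
                              "https://bigfix.example.invalid/PLACEHOLDER")
ALLOWED_FIELDS = {"operation", "computer", "summary"}
COMPUTER_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")


class Rejected(Exception):
    """Request is outside the single operation this broker honors."""


def validate(raw: bytes) -> dict:
    """Accept exactly one request shape; anything else is refused."""
    try:
        req = json.loads(raw)
    except ValueError as exc:
        raise Rejected("body is not JSON") from exc
    # Exact field match: a client cannot smuggle in credentials or extra options.
    if not isinstance(req, dict) or set(req) != ALLOWED_FIELDS:
        raise Rejected("unexpected or missing fields")
    if req["operation"] != "open_ticket":
        raise Rejected("operation not allowed")
    if not isinstance(req["computer"], str) or not COMPUTER_RE.fullmatch(req["computer"]):
        raise Rejected("bad computer name")
    summary = req["summary"]
    if not isinstance(summary, str) or not 1 <= len(summary) <= 200 \
            or not summary.isprintable():
        raise Rejected("bad summary")
    return req


def build_upstream_call(raw: bytes) -> Request:
    """Turn a validated client request into the one fixed upstream call."""
    req = validate(raw)
    # Credentials are read on the server only; they are never sent to desktops.
    user = os.environ["BROKER_API_USER"]
    password = os.environ["BROKER_API_PASSWORD"]
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    # Placeholder payload: only validated values are copied in.
    body = json.dumps({"ticket_for": req["computer"],
                       "summary": req["summary"]}).encode()
    return Request(UPSTREAM_URL, data=body, method="POST",
                   headers={"Authorization": f"Basic {token}",
                            "Content-Type": "application/json"})
```

The returned `Request` would be passed to `urllib.request.urlopen` by the broker once the real endpoint and payload format are filled in; the service account behind it should be limited to what the ticket workflow needs.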

Thanks Rosario for reply,

You are right, that is where we were stuck at but now it seems we have some path to proceed forward.

I will be more than thankful if you could please suggest some rough approach of how we honor the request to our server (automatically) to open the action.

Deepak Batra

Can you describe the use case in more detail?

Without knowing more, one approach that avoids the API altogether might be to have an open policy action that is relevant in certain conditions which can be triggered by the click event.