I am initiating a rest API call on to clients, the requirement is that I have to first save the text file containing the API on client location and then have to run it from there.
But the issue is that I have the username and the password in plain text is there any way that I can encode the user name and password for console admin?
Can you provide a bit more details on what you are trying to achieve?
Why do you have to save the credentials in a text file? Are you initiating this REST call using the BigFix agent via an actionscript? If so, you may be able to leverage secure parameters to avoid writing the the credentials to a file.
Thanks for your reply -
Details -
We have created client UI where in one page have created a click even(button), so once the user click on that button Bigfix API will run and the action will be executed.
So in that API we have inserted the credentials for authentication so that we can run the action via API.
I don’t think it is a good idea to use the REST API from an arbitrary desktop using the same credentials. Which I guess is what you are trying to do. One reason is that the credentials you are going to distribute everywhere should be able to create an action, if I understand what you are tying to achieve. That means you are exposing your environment, and also your BigFix deployment, to major attacks.
A better approach could be to have your own back-end server receive the request to open a ticket, and honor ONLY that request, and that back-end server then uses the BigFix REST API for your needs.
You are right, that is where we were stuck at but now it seems we have some path to proceed forward.
I will be more than thank full if you could please suggest some rough approach of how we honor the request to our server(Automatically) to open action.
Without knowing more, one approach that avoids the API altogether might be to have an open policy action that is relevant in certain conditions which can be triggered by the click event.