Controllerless Networks

Frequent Contributor I

Get Aruba Central API Authcode with cURL

I'm trying to write a simple bash/cURL script to poll some data from Aruba Central REST API.


If I generate an offline token from the Central UI, I can successfully use it like:


curl "<token>" -X GET


However, that token expires after 2h. My goal is to have a script that I can run any time without manually having to create a new token.


I therefor try to use the "Authorization code grant" method to retrieve the TOKEN, however the first step in this process is to obtain the Authorization Code, for which I need to SSO login to a webpage and approve to get, and after that the token I finally gets still expires after 2h unless it's refreshed which my script won't do.


So, how do I automate the SSO login with cURL so my script can automatically retrieve a new auth_token with just the knowledge of my username, password and client_id?


I've tried:

curl -I -u '<password>!' "<client_id>&response_type=code&scope=all" -X GET

but that just results in a 302 redirect to the SSO page, and then I'm lost.


I might have missed something, but if you wanted to create an API integration with Central, is it intended that you must perform "Step 1" manually to start the integration and then keep it running and refreshed all the time within 2h? What if you have a 3h power interruption, are you supposed to need to re-perform this step manally? Doesn't make sense to me.


Ideally, I would have liked to be able to just create an off-line token without any expiration, but I assume that's not possible and not recommended.

Frequent Contributor I

Re: Get Aruba Central API Authcode with cURL

I think I can now answer my own question. The answer is, use the "refresh_token" that is available both in the "off-line" token available for download in Central, and when using the "auth code grant" method.


With the refresh_token you can request a new access_token when needed like this:


curl -i -X POST "${CLIENT_ID}&grant_type=refresh_token&refresh_token=${REFRESH_TOKEN}&client_secret=${CLIENT_SECRET}"

You then get back an access_token and a new refresh_token to use the next time a refresh is needed.


I still haven't found out the expiration time of the refresh_token in Aruba Central. Seems to differ from about 14 days to indefinite in different OAuth2 implementations.

New Contributor

Re: Get Aruba Central API Authcode with cURL

Token which was not used for 14 days to refresh it would expire automatically.

- Parshad
Search Airheads
Showing results for 
Search instead for 
Did you mean: