This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SolarWinds REST API authentication

Hi guys,

As security is a priority for SolarWinds, what about providing a stronger authentication to use REST API rather than Basic Auth (user:password in base64) ?

In my company, SolarWinds API is behind an API management platform with OAuth2 authentication (to avoid direct connections from users), but between this APIM and SolarWinds API, we have to add Basic Auth into the Header to authenticate into SolarWinds platform (= solarwinds local user)

Security team is about to cut off our API because of that lack in security.

Parents
  • Are you doing direct REST calls (a-la curl or the equivalent)?

    What authentication method would your security team accept?  This should be fully encrypted when you are using an HTTPS call, even while in transit, so I'm wondering what they would prefer.  I'm not saying that we have their ideal solution, but that doesn't mean that we can't find a compromise.

    There are a few Feature Requests in the Orion Platform space that have some options, but I'd (personally) like to know if there's one you'd prefer.

    P.S.-If you see a FR you think is worthwhile, you should upvote it.

Reply
  • Are you doing direct REST calls (a-la curl or the equivalent)?

    What authentication method would your security team accept?  This should be fully encrypted when you are using an HTTPS call, even while in transit, so I'm wondering what they would prefer.  I'm not saying that we have their ideal solution, but that doesn't mean that we can't find a compromise.

    There are a few Feature Requests in the Orion Platform space that have some options, but I'd (personally) like to know if there's one you'd prefer.

    P.S.-If you see a FR you think is worthwhile, you should upvote it.

Children
No Data