如何为詹金斯获得 API 令牌

我正在尝试使用詹金斯 休息 API。说明书上说我需要 API 密钥。我在所有的配置页面中都找到了它。我怎样才能得到 Jenkins 的 API 密钥?

131931 次浏览
小开
最佳答案

Since Jenkins 2.129 the API token configuration has changed:

You can now have multiple tokens and name them. They can be revoked individually.

  1. Log in to Jenkins.
  2. Click you name (upper-right corner).
  3. Click Configure (left-side menu).
  4. Use "Add new Token" button to generate a new one then name it.
  5. You must copy the token when you generate it as you cannot view the token afterwards.
  6. Revoke old tokens when no longer needed.

Before Jenkins 2.129: Show the API token as follows:

  1. Log in to Jenkins.
  2. Click your name (upper-right corner).
  3. Click Configure (left-side menu).
  4. Click Show API Token.

The API token is revealed.

You can change the token by clicking the Change API Token button.

小开

The non UI way to do this post Jenkins 2.129 is:

curl 'https://<jenkinsURL>/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken' \
--data 'newTokenName=foo' \
--user username:Password

which returns:

{
"status": "ok",
"data": {
"tokenName": "foo",
"tokenUuid": "<uuid>",
"tokenValue": "<redacted>"
}
}

Pre Jenkins 2.129

curl http://<username>:<password>@<jenkins-url>/me/configure
小开

Tested in Jenkins 2.225

After making research for several hours I could find the answer:

The API token is used instead of the CSFR token. However, what happens if you want to make authentication from any other client (Postman, CLI, cURL, etc.)?

First you need to get a CSFR token and save the information in a cookie with --cookie-jar

Request

curl -s --cookie-jar /tmp/cookies -u username:password http://localhost:8080/crumbIssuer/api/json

Response

{ "_class": "hudson.security.csrf.DefaultCrumbIssuer", "crumb": "bc92944100d12780cfc251c9255f3f323a475562b4ee0d8b9cc6e4121f50a450", "crumbRequestField": "Jenkins-Crumb" }

Then we can read the cookie with --cookie and generate the new token:

Request

curl -X POST -H 'Jenkins-Crumb:your_crumb_token_generated_above' --cookie /tmp/cookies http://localhost:8080/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken?newTokenName=\your_token_name -u username:password

Response

{ "status": "ok", "data": { "tokenName": "my android token", "tokenUuid": "c510e26c-b2e8-4021-bf79-81d1e4c112af", "tokenValue": "11a2a0c91913d1391d8e8cb155ca714581" } }

小开

How to a generate Jenkins API token

The following commands need curl and jq. Execute them in the same session.

# Change the following appropriately
JENKINS_URL="http://localhost:8080"
JENKINS_USER=admin
JENKINS_USER_PASS=admin

Get the Crumb

JENKINS_CRUMB=$(curl -u "$JENKINS_USER:$JENKINS_USER_PASS" -s --cookie-jar /tmp/cookies $JENKINS_URL'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')

Get the access token

ACCESS_TOKEN=$(curl -u "$JENKINS_USER:$JENKINS_USER_PASS" -H $JENKINS_CRUMB -s \
--cookie /tmp/cookies $JENKINS_URL'/me/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken' \
--data 'newTokenName=GlobalToken' | jq -r '.data.tokenValue')

Consecutive API calls

Instead of the password, you need to use the token with the username along with the crumb that was generated.

curl -u $JENKINS_USER:$ACCESS_TOKEN \
-H $JENKINS_CRUMB \ ..........

提交答案