Authentication
If you have set up ScaleOps with authentication, you must obtain an access token and pass it with each API request. ScaleOps currently supports authentication via the following providers:
- Azure Active Directory (Azure AD)
- LDAP / Built-In Authentication
How to Pass the Token
Once you have obtained an access token (see provider-specific instructions below), pass it in the Authorization header as a Bearer token:
curl -X POST "${SCALEOPS_API_URL}" -H "Authorization: Bearer $ACCESS_TOKEN"Azure Active Directory Authentication
To obtain an access token from Azure AD, you need the following credentials:
AZURE_CLIENT_ID- Application (client) ID of the Azure AD applicationAZURE_CLIENT_SECRET- Client Secret of the Azure AD applicationAZURE_TENANT_ID- Directory (tenant) ID of the Azure AD tenant
# Set your Azure credentials as environment variables
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"
export AZURE_TENANT_ID="your-tenant-id"
# Obtain the access token
RESPONSE=$(curl -sS -X POST "https://login.microsoftonline.com/${AZURE_TENANT_ID}/oauth2/token" \
-d "grant_type=client_credentials&client_id=${AZURE_CLIENT_ID}&client_secret=${AZURE_CLIENT_SECRET}&scope=https://graph.microsoft.com/.default")
# Extract the access_token from the response (requires jq)
ACCESS_TOKEN=$(echo $RESPONSE | jq -r '.access_token')Resources:
- See Azure ScaleOps integration to get the Azure credentials.
- Full example script: Azure Example
LDAP / Built-In Authentication
The following example shows how to obtain an access token from LDAP / Built-In:
# Required Environment variables:
# SCALEOPS_URL - ScaleOps URL (eg. https://scaleops.example.com)
# USER_NAME - Username
# PASSWORD - Password
ENCODED_TOKEN=$(curl -s -X POST "$SCALEOPS_URL/auth/callback" --cookie "auth_state=TOKEN" --json "{\"username\":\"$USER_NAME\",\"password\":\"$PASSWORD\"}" -o /dev/null -w "%{redirect_url}\n" | awk -F '=' '{print $2}')
ACCESS_TOKEN=$(python3 -c "from urllib.parse import unquote; import sys; print(unquote(sys.argv[1]))" "$ENCODED_TOKEN")Resources:
- Full example script: LDAP / Built-In Example
API Specification
Examples
Example request - get cost report for all workloads in the namespace “jenkins”, which are deployments and have the label “app=my-app”.
curl -X POST http://localhost:8080/detailedCostReport/getWorkloads?range=3d \
-H 'Authorization: Bearer $ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"namespaces":["jenkins"],"workloadTypes":["Deployment"], "labels":["app=my-app"]}'Example request - get cost report for all workloads not in the namespace “jenkins”.
curl -X POST http://localhost:8080/detailedCostReport/getWorkloads?range=3d \
-H 'Authorization: Bearer $ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"namespaces":["jenkins"],"isNamespaceExclude":true}'