Command Line API Access

Some web applications can also be accessed as RESTful APIs. Examples include Prometheus, Grafana and Kibana.

In this model, you create an ‘application’ in the system and, when accessing it via the browser, are challenged to sign in and provide an access token. To make this convenient for command-line and other programmatic access, there is a set of techniques we can use.


See link to download the appropriate version for your OS and architecture. Place it on your PATH. There is no need to install it or to run it as root.

We can now test as follows:

~/bin/agilicus-agent proxify --release-train latest --auto-http-proxy --issuer https://auth.MYCNAME -- /bin/bash

This gives us a shell with https_proxy set (by --auto-http-proxy), and we can now run curl -k https://myresource.MYCNAME. The first time, the user is prompted with a web browser popup to confirm identity. Subsequent runs are automatic.

NOTE: In order to use the ‘http proxy’ you must currently disregard TLS identity failure, since it does a local MITM to inject the access token (this is why the curl command above uses -k). This restriction will be removed in a subsequent update.

The ‘proxify’ command sets some well-known environment variables and then runs a sub-process. A participating application can use any one of: AGILICUS_HTTP_PROXY (use this as an HTTP proxy and configure it appropriately), AGILICUS_ACCESS_TOKEN (add this as an HTTP header ‘Authorization: Bearer $AGILICUS_ACCESS_TOKEN’), or the auto variable (https_proxy, used by many runtimes).

For Java-based runtimes, you may need to set the http.proxyHost and http.proxyPort variables.
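
As an added example (not Agilicus code), a Python script started as the proxify sub-process could consume the variables described above as follows. It assumes the resource accepts the bearer token directly, prefers the header so that certificate verification stays on, and falls back to the local proxy; plan_request and fetch are hypothetical names.

```python
import os
import ssl
import sys
import urllib.request
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def plan_request(url, env):
    """Return (mode, headers, proxies) from the variables proxify exports."""
    target = urlsplit(url)
    if target.scheme != "https" or not target.hostname:
        raise ValueError("refusing to send credentials to a non-https URL")
    token = env.get("AGILICUS_ACCESS_TOKEN", "").strip()
    proxy = env.get("AGILICUS_HTTP_PROXY", "").strip()
    if token:
        # Header mode: the TLS caveat on the page concerns the proxy only,
        # so certificate verification stays on and no proxy is used.
        return "bearer", {"Authorization": "Bearer " + token}, {}
    if proxy:
        p = urlsplit(proxy)
        # The help text describes this as http://localhost:port; reject
        # anything else, because TLS verification is off on this path.
        if p.scheme != "http" or p.hostname not in LOOPBACK or p.port is None:
            raise ValueError("AGILICUS_HTTP_PROXY is not http://localhost:port")
        return "proxy", {}, {"https": proxy}
    raise RuntimeError("no AGILICUS_* variables: not started by proxify?")


def fetch(url, env=os.environ):
    mode, headers, proxies = plan_request(url, env)
    ctx = ssl.create_default_context()
    if mode == "proxy":
        # Local MITM injects the token, so the certificate will not verify.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        # Explicit mapping: {} stops urllib from picking up https_proxy.
        urllib.request.ProxyHandler(proxies),
        urllib.request.HTTPSHandler(context=ctx),
    )
    req = urllib.request.Request(url, headers=headers)
    with opener.open(req, timeout=30) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    status, body = fetch(sys.argv[1])
    print(status, len(body), "bytes")  # never print the token itself
```
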

agilicus-agent proxify --help
Run a sub-process (script etc) with environment variables set to HTTP proxy
Environment variables set include:
AGILICUS_ACCESS_TOKEN : you can add this in to 'Authorization: Bearer $AGILICUS_ACCESS_TOKEN'
AGILICUS_HTTP_PROXY : a URI in the form of http://localhost:port that will accept a CONNECT verb and add bearer-token
https_proxy : (if auto-http-proxy is set) if you are using golang, libcurl, etc, proxy will automatically occur. 
Example: agilicus-agent proxify --issuer https://auth.MYCNAME -- my-script arg1 arg2
agilicus-agent proxify [flags]
--auto-http-proxy                 If true, export https_proxy, used by libcurl, golang, …
--cfg-file string                 A path to a file containing the configuration
--check-update-time-seconds int   Specify the interval to check for a new release (default 14400)
--debug                           Enabled debug logging
-h, --help                            help for proxify
--issuer string                   The OpenID connect server from which to get a token (https://auth.MYCNAME)
--no-upgrades                     Do not try to run upgrades
--noauth-local-webserver          Log in using a different device
--release-train string            specify image release train (default "stable")