Authentication

To use Cloudomation you need an account. Please see signing up on how to sign up for an account. When you sign up you create a workspace with one user. You can later add more users to your workspace. All users of your workspace will share the same resources in Cloudomation.

Below are the descriptions on how to authenticate with Cloudomation using different methods.

Via the User Interface

To authenticate via the user interface you need to visit the login page. You need to enter your workspace name, user name, and your password. If you enabled Two-Factor-Authentication (2FA) for your user you also have to enter the current 2FA code.

Once all the required fields are filled in, you can click on “Login”. If the authentication is successful your browser receives a cookie. The cookie contains a JWT token which is used to authenticate by subsequent requests. The validity of the token depends on the “Remember me” setting. If “Remember me” was chosen, the cookie is valid for 90 days. Otherwise, it is valid for the browser session only. The browser session usually ends when the browser window is closed.

Via the REST API

To authenticate using the REST API you need to POST a JSON string containing your credentials to https://app.cloudomation.com/api/latest/auth. An example JSON might look like:

{
    "client_name": "CorpInc AG",
    "user_name": "kevin",
    "password": "secret"
}

If successful, the reply might look like:

{
    "client_id": "8ea28b78-3da5-468a-a553-2b504d301552",
    "client_name": "CorpInc AG",
    "user_id": "75a66b62-3c91-416b-a555-72672bfd319b",
    "user_name": "kevin",
    "is_client_admin": true,
    "is_system_admin": false,
    "token": "eyJ...",
    "token_expiry": 1538822075.055123
}

If unsuccessful, the API returns with HTTP 401: Unauthorized

{
    "client_name": "CorpInc AG", 
    "user_name": "kevin", 
    "password": "secret" 
}

Via the Command Line

In the command line, you can use a command line tool like curl to authenticate against the Cloudomation REST API. The schema of the request is described in the section “via the REST API“. Below are two example scripts which you can use to handle the authentication and to extract the token for further use.

Run the script via the command line. It will promt you to enter your workspace name, user name, and password. Do not store any of them in plain text within the script. The script will take your input and create an authentication token which you can then use to authenticate against the Cloudomation API.

Bash:

#!/usr/bin/env bash

echo "Authenticating..."
read -e -p "Workspace Name: " -i "CorpInc AG" CLIENT_NAME
read -e -p "User Name: " -i "kevin" USER_NAME
stty -echo
read -p "Password: " PASSWORD
stty echo
echo ""
AUTH="{\"client_name\":\"${CLIENT_NAME}\",\"user_name\":\"${USER_NAME}\",\"password\":\"${PASSWORD}\"}"

echo "Sending auth..."
REPLY=$(curl -m 2 -s -d "${AUTH}" https://app.cloudomation.com/api/latest/auth)
if [ "$?" -ne "0" ]; then
  echo "Failed to send auth!" 1>&2
  return 1
fi

if [ "${REPLY}" == "401: Unauthorized" ]; then
  echo "Authentication failed: ${REPLY}" 1>&2
  return 1
fi

echo "Extracting token..."
TOKEN=$(echo ${REPLY} | jq -r ".token")
if [ "$?" -ne "0" ]; then
  echo "Failed to extract token!" 1>&2
  return 1
fi

DIR=$(dirname $0)
TOKEN_FILE="${DIR}/token"
touch "${TOKEN_FILE}"
chmod 600 "${TOKEN_FILE}" || exit 1
echo "${TOKEN}" > "${TOKEN_FILE}"
chmod 400 "${TOKEN_FILE}"

echo "Token was stored in ${TOKEN_FILE}. All done!"

You can download the script here: auth.bash 

PowerShell:

Write-Host "Authenticating..."
$CLIENT_NAME_DEFAULT = "CorpInc AG"
$CLIENT_NAME = Read-Host -Prompt "Workspace Name [${CLIENT_NAME_DEFAULT}]"
if ("${CLIENT_NAME}" -eq "") {
    $CLIENT_NAME = "${CLIENT_NAME_DEFAULT}"
}
$USER_NAME_DEFAULT = "kevin"
$USER_NAME = Read-Host -Prompt "User Name [${USER_NAME_DEFAULT}]"
if ("${USER_NAME}" -eq "") {
    $USER_NAME = "${USER_NAME_DEFAULT}"
}
$PASSWORD_SEC = Read-Host -AsSecureString 'Password'
$PASSWORD = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR(${PASSWORD_SEC}))

$AUTH = @{
    client_name = "${CLIENT_NAME}"
    user_name = "${USER_NAME}"
    password = "${PASSWORD}"
} | ConvertTo-Json

Write-Host "Sending auth..."
try {
    $REPLY = Invoke-RestMethod -Uri "https://app.cloudomation.com/api/latest/auth" -Method Post -Body "${AUTH}"
}
catch {
    $STATUS_CODE = $_.Exception.Response.StatusCode.value__
    if ($STATUS_CODE -eq "401") {
        Write-Error "Authentication failed: ${STATUS_CODE}"
        Exit 1
    }
}

echo "Extracting token..."
if(${REPLY}.token -eq $null) {
    Write-Error "Failed to extract token!"
    Exit 1
}
$TOKEN = ${REPLY}.token

$DIR = Split-Path -Parent $MyInvocation.MyCommand.Definition
$TOKEN_FILE = "${DIR}/token"
if (-Not (Test-Path "${TOKEN_FILE}"))
{
    New-Item -ItemType file "${TOKEN_FILE}" | Out-Null
}
if ($IsLinux) {
    Invoke-Expression "chmod 600 `"${TOKEN_FILE}`""
} elseif($IsWindows) {
    Set-ItemProperty "${TOKEN_FILE}" -name IsReadOnly -value $false
}
Set-Content -Path "${TOKEN_FILE}" -Value "${TOKEN}"
if ($IsLinux) {
    Invoke-Expression "chmod 400 `"${TOKEN_FILE}`""
} elseif($IsWindows) {
    Set-ItemProperty "${TOKEN_FILE}" -name IsReadOnly -value $true
}
Write-Host "Token was stored in ${TOKEN_FILE}. All done!"

You can download the script here: auth.bash 

The script saves the obtained token in a file called token next to the script itself. To use the token other scripts can read the content of the file:

$ ./auth.bash
Workspace Name: CorpInc AG
User Name: kevin
Password:
Sending auth...
Extracting token...
Token was stored in ./token. All done!
$ TOKEN=$(cat ./token)
$ echo $TOKEN
eyJ...

You can then use the token to authenticate further requests:

$ curl -s 'https://app.cloudomation.com/api/latest/user/kevin' -H "Authorization: $TOKEN" | jq .
{
  "updated": {
    "last_activity": "1531049907.7785194",
    "status": "active",
    "name": "kevin",
    "id": "75a66b62-3c91-416b-a555-72672bfd319b",
    "email": "kevin@example.com"
  }