Forum Discussion

Dave_Lee
23 days ago

LM API Auth - Bearer or LMv1 Token

Hi all

I've been using the LogicMonitor API for a while and tend to use the LMv1 token auth method.

You have to calculate a base64 signature for each request, which is fine; I've written a function to handle that for me. But, given that Bearer tokens are available, I wonder if I'm just making this all a bit too difficult on myself 🤣

As I understand it, if the API call was intercepted somehow, exposing the signature calculated from an LMv1 token would be less problematic because it's not the token itself, it has a limited lifetime and is valid just for the endpoint that was being used on that API call.

Am I thinking along the right lines security-wise, or should I just make my life a little easier and switch to using Bearer tokens?

Dave  

1 Reply

  • I find using Bearer tokens is much simpler, with fewer moving parts.

    Granted, once you get that function to create the LMv1 token written then things should be consistent...but I think we've been saying that about computers since the early '60s.

    If you're always communicating over a secure connection, then you shouldn't "leak" the bearer token, and it should be safe to use. And if things are staying within your corporate network, then you're even more protected. I'm not suggesting using HTTP all willy-nilly, rather let's not forsake our trust in HTTPS 😂

    I like the KISS advantages to being able to "throw it over the wall at LM" using a bearer token.
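
The trade-off discussed in this thread, as an added example that is not code from either poster: it builds an LMv1 header using LogicMonitor's documented signing recipe and a Bearer header, then checks what a captured LMv1 header is still good for. The credentials, timestamp and resource paths are constructed, and `server_accepts` with its 5-minute window is a hypothetical stand-in for the server side, not LogicMonitor's actual validation logic.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder credentials, not real LogicMonitor values.
ACCESS_ID = "EXAMPLE_ACCESS_ID"
ACCESS_KEY = "EXAMPLE_ACCESS_KEY"
BEARER_TOKEN = "EXAMPLE_BEARER_TOKEN"


def lmv1_signature(key, verb, epoch_ms, body, resource_path):
    """base64(hex(HMAC-SHA256(key, verb + epoch + body + resourcePath)))."""
    msg = f"{verb}{epoch_ms}{body}{resource_path}".encode()
    digest_hex = hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()
    return base64.b64encode(digest_hex.encode()).decode()


def lmv1_header(verb, resource_path, body="", epoch_ms=None):
    """Authorization header for one request; the access key is never sent."""
    epoch_ms = int(time.time() * 1000) if epoch_ms is None else epoch_ms
    sig = lmv1_signature(ACCESS_KEY, verb, epoch_ms, body, resource_path)
    return f"LMv1 {ACCESS_ID}:{sig}:{epoch_ms}"


def bearer_header():
    """Same value on every request: the header itself is the credential."""
    return f"Bearer {BEARER_TOKEN}"


def server_accepts(header, verb, resource_path, body, now_ms, window_ms=300_000):
    """Hypothetical server-side check; the 5-minute window is an assumption."""
    scheme, _, rest = header.partition(" ")
    if scheme != "LMv1":
        return False
    access_id, sig, epoch = rest.split(":")
    if access_id != ACCESS_ID or abs(now_ms - int(epoch)) > window_ms:
        return False
    expected = lmv1_signature(ACCESS_KEY, verb, int(epoch), body, resource_path)
    return hmac.compare_digest(sig, expected)


if __name__ == "__main__":
    t0 = 1_700_000_000_000  # constructed timestamp in milliseconds
    captured = lmv1_header("GET", "/device/devices", epoch_ms=t0)
    print(server_accepts(captured, "GET", "/device/devices", "", t0 + 1_000))    # same request
    print(server_accepts(captured, "GET", "/setting/admins", "", t0 + 1_000))    # other endpoint
    print(server_accepts(captured, "GET", "/device/devices", "", t0 + 600_000))  # stale
```

Under these assumptions the captured LMv1 header only verifies for the same verb, path and body inside the freshness window, while the Bearer header is identical for every request until the token is revoked.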