Ad Widget

**valten** · 17-03-2020, 21:58

Originally posted by yuri69

Hello,
Is there a way to monitor a REST API service secured by OAuth2 using Zabbix 4?

Did you find any success? I'm facing the same problem with inability to get response body.

**yuri69** · 24-03-2020, 10:21

Originally posted by valten

Did you find any success? I'm facing the same problem with inability to get response body.

Sadly, I did not. It feels like Zabbix is not the right tool for this kind of application level monitoring. Zabbix is kind of targeted at the infrastructure.

**Avinasha** · 23-06-2020, 12:59

This can be done Using Zabbix Web URL monitoring. You can run a HTTP POST with Username and password and Use a variable to grab the token response and use this variable in next step to authenticate it. Let me know if you want more details on this.

**yuri69** · 23-06-2020, 14:06

Originally posted by Avinasha

This can be done Using Zabbix Web URL monitoring. You can run a HTTP POST with Username and password and Use a variable to grab the token response and use this variable in next step to authenticate it. Let me know if you want more details on this.

Do you mean https://www.zabbix.com/documentation...web_monitoring by By Web URL monitoring? If so, after the authentication I need to parse a value from the actual response body not just a HTTP status code.

Parsing a non-trivial JSON payload to a Web Scenario Variable using regex doesn't seem right. In my case I need to parse the service response.

**chok** · 13-08-2020, 14:53

I wanted to do the same. You can have further informations here : https://www.zabbix.com/documentation...toring/example

**richard.ostrochovsky** · 13-09-2021, 08:27

Since ZBX 5.2, it is possible to implement this also using Script item: https://www.zabbix.com/documentation...emtypes/script, which has an advatage of being usable also in low level discovery (in comparison with web scenario). I am using it this way (with OAuth2 Bearer tokens).

**Grumpyblade1994** · 10-02-2022, 12:25

Originally posted by richard.ostrochovsky

Since ZBX 5.2, it is possible to implement this also using Script item: https://www.zabbix.com/documentation...emtypes/script, which has an advatage of being usable also in low level discovery (in comparison with web scenario). I am using it this way (with OAuth2 Bearer tokens).

How did you archieved this? I have a similar Problem with OAuth2. Can you explain this to me?

**rahuls1436** · 07-11-2022, 14:24

yuri69 can you help me with step 5? I am able to prase access code to the jsonpath, now i am unable to figure out how to use the token in web scenario.

**yuri69** · 11-11-2022, 22:56

Originally posted by rahuls1436

yuri69 can you help me with step 5? I am able to prase access code to the jsonpath, now i am unable to figure out how to use the token in web scenario.

Great, jsonpath is cool. Save the token as a variable in the Variables section of the Web Scenario Step. Then simply use the variable in a following Step of the Web Scenario.

For example, the token would be saved to a

Code:

{access_token}

variable in the first Step. Then use it as Name:

Code:

Authorization

and Value:

Code:

Bearer {access_token}

in the Headers section of the second Step. The second Step would simply require the 200 status code.

**kajaaj** · 05-03-2024, 11:48

Hi yuri69 , I followed your steps, buit it is not working for me. I have a token that is one year valid, so I only need to log in to a page with token to search for required string. Is this the correct way (see screenshots)?

Attached Files

**cyber** · 06-03-2024, 11:46

Why bother with variables, if you can construct full header at once?

**kajaaj** · 07-03-2024, 16:29

yuri69 how did you manage to save the token in a variable in your first Step, to use it in your second Step?

I am trying to do this as is written here: https://www.zabbix.com/documentation...toring/example --> with regex:name="csrf-token" content="([0-9a-z]{16})"

But the problem is, that when I request for a token I only have an empty page with token which I have to save in variable, so I can not use regex:... as is stated above

My HTML Page with token, which I have to save as a variable to use it in 2. Step.

Attached Files

**rdf.8888** · 21-03-2024, 23:23

I have the same issue, a need to do HTTP checks, I already have the token, but after one hour a need it a new token. It would be useful if a can push a new token on macro something like

{$TOKEN} = {?last(//baerer.token)}

Does anyone know how to solve that?

Ad Widget

Monitoring REST API requiring OAuth2 Bearer Tokens

Monitoring REST API requiring OAuth2 Bearer Tokens

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment