We are using cluster connect (bored agent) to support a dynamic set of edge devices. This means we need to automate the creation of cluster connect tokens. The API supports this with a valid Authorization header, but the API has no way to generate the Authorization header.
Workaround is currently to log into Lens ID and pull the Authorization header out of the browser developer console. This token only lasts 8 hours though, so we’re working to programmatically log in via a mock browser of some kind. This is obviously not ideal, and a gaping hole in the API design.
Ideally we should add support for api-key system, but in the meanwhile maybe you can try use the refresh token (not the access token you got from Authorization header)
Sorry I’m not following here, these statements seem at odds;
You said → “use the refresh token (not the access token you got from Authorization header)”
and then → “and use the access token in Authorization header to interact with our APIs.”
Also, if I have to programatically pull out the authorization token in order to get the refresh token, what good is the refresh token helping me with exactly?
Hell, the refresh token is the token you use to renew an access token, the access token is the token you use to interact with our APIs, the one you pull from the Authorization header is the access token, which expired every 8 hr, but the refresh token does has a longer life span (don’t how long but you can decode the token and check the .exp value).
