How can a Jenkins user authentication details be “passed” to a script which uses Jenkins API to create jobs?

Question

I have a script that delete and re-create jobs through curl HTTP-calls and I want to get rid of any hard-coded \"username:password\". E.g. curl -X POST $url --user use

Answer 1

In order to use API tokens, users will have to obtain their own tokens, each from https://<jenkins-server>/me/configure or https://<jenkins-server>/user/<user-name>/configure. It is up to you, as the author of the script, to determine how users supply the token to the script. For example, in a Bourne Shell script running interactively inside a Git repository, where .gitignore contains /.jenkins_api_token, you might do something like:

api_token_file="$(git rev-parse --show-cdup).jenkins_api_token"
api_token=$(cat "$api_token_file" || true)
if [ -z "$api_token" ]; then
    echo
    echo "Obtain your API token from $JENKINS_URL/user/$user/configure"
    echo "After entering here, it will be saved in $api_token_file; keep it safe!"
    read -p "Enter your Jenkins API token: " api_token
    echo $api_token > "$api_token_file"
fi
curl -u $user:$api_token $JENKINS_URL/someCommand

Answer 2

• With Jenkins CLI you do not have to reload everything - you just can load the job (update-job command). You can't use tokens with CLI, AFAIK - you have to use password or password file.

• Token name for user can be obtained via http://<jenkins-server>/user/<username>/configure - push on 'Show API token' button.

• Here's a link on how to use API tokens (it uses wget, but curl is very similar).

Answer 3

Try this way: (for example delete the job)

curl --silent --show-error http://<username>:<api-token>@<jenkins-server>/job/<job-name>/doDelete

The api-token can be obtained from http://<jenkins-server>/user/<username>/configure.

Answer 4

I needed to explicitly add POST in the CURL command:

curl -X POST http://<user>:<token>@<server>/safeRestart

I also have the SafeRestart Plugin installed, in case that makes a difference.

Answer 5

This worked for me:

curl -u $username:$api_token -FSubmit=Build 'http://<jenkins-server>/job/<job-name>/buildWithParameters?environment='

API token can be obtained from Jenkins user configuration.

Answer 6

API token is the same as password from API point of view, see source code uses token in place of passwords for the API.

See related answer from @coffeebreaks in my question python-jenkins or jenkinsapi for jenkins remote access API in python

Others is described in doc to use http basic authentication model