View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions How do I update an expired APIv3 token now that the Classic Manager has reached its EOL?
Log in to Ask a Question

How do I update an expired APIv3 token now that the Classic Manager has reached its EOL?

linode manager classic-manager apiv3 salt-stack salt api-token
Linode Staff

Hi!
We use salt-cloud to provision servers on Linode, however, salt-cloud only currently supports the v3 API:
https://github.com/saltstack/salt/issues/56319
Our v3 API key just expired, and because we can’t access the classic manager, we can’t create a new one!
Obviously, it’d be great if salt-cloud was updated to support the v4 API, but is there anything we can do in the interim?

4 Replies

Linode Staff

I can understand how frustrating this would be. The good news is there's an endpoint in APIv3 to update your key: user.getapikey()

This endpoint authenticates a Linode Manager user against their:

  • username
  • password
  • two-factor token (when enabled)

It then returns a new API key, which can be used until it expires.

Important things to know about this:

  • The number of active keys is limited to 20.
  • Batch requests will be rejected if they include this API action.

Parameters

username - string (required)*
password - string (required)*
token - string (optional)
Required when two-factor authentication is enabled. Emergency scratch codes are not permitted.*
expires - numeric (optional)
Number of hours the key will remain valid, between 0 and 8760. 0 means no expiration. Defaults to 168.
label - string (optional)
An optional label for this key.

Example Response

{
   "ERRORARRAY":[],
   "ACTION":"user.getAPIKey",
   "DATA":{
      "USERNAME":"chris",
      "API_KEY":"aNW3ydF53LpVftU9s50e0reFEwy0piwGhwaLKAj4okRZ"
   }
}

Errors

AUTHFAIL, NEEDTOKEN, PASSWORDEXPIRED, KEYLIMIT, TOTPEXPIRED, NOACCESS

Ok, thanks!

Is there a v3 client library that can be used to do this? Or a way with the linode-cli? The CLI app seems to want to have a key in advance to do anything. Or just like a curl command that I can substitute my username/password into?

Linode Staff

@mydropwizard The old CLI doesn't have support for APIv3's user.getAPIKey action, but you can curl APIv3 directly to the same effect, e.g.

curl https://api.linode.com/?api_action=user.getapikey&username=YOURUSERNAME&password=PASSWORD

If you have two-factor authentication enabled, you can pass the TOTP code to that call via the "token" parameter, like so:

curl https://api.linode.com/?api_action=user.getapikey&username=YOURUSERNAME&password=PASSWORD&token=123456

Hope this helps!

Linode Staff

For anyone who needs to remove an APIv3 key you can follow these steps. First, list your active keys to find the keyID:

curl 'https://api.linode.com/?api_action=user.listapikeys&api_key=$APIKEY'

Then, use the API keyID to remove any key you no longer want:

curl 'https://api.linode.com/?api_action=user.deleteapikey&api_key=$APIKEY&apikeyid=$KEYIDTOREMOVE'

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct