To access the Rest API in Cherwell is pretty straight forward, unless like me you are an engineer that users powershell… So here is may way to explain it as an engineer. First you need to understand how the Rest API works and how to configure Cherwell so you can access it.
It is straight forward, Well nearly….. you need:
- An account in Cherwell that has the rights that you want to. So If your account can create an incident in Cherwell then it can create an incident via the API
- A Client ID aka API key , aka API client id. You set one up like this this: go to CSM Adminuistrator (orange pill) > login > click security > click ‘Edit REST API client settings > click ‘create new client’ = green button (+) > give it a name and save. Your client key is auto-generated. see Securing the REST API
- Your client key basically gives you the right to use the Rest API
- Your Cherwell account gives you the right to do things.
- Your Cherwell account can use 4 type of authentications, but really, why would you use anything other than Windows Authentication! Well read on….
- Everything else in powershell is using the Invoke-RestMethod cmdlet
- In Cherwell you can use Swagger http://yourwebserver/cherwellapi/Swagger/ui/index to “prove” things work . Swagger is a tool to test your desired results. It will not write out code for you to use to connect to the REST API.
- Now the thing with Swagger is:
- You must use your client key at the top of the page where is says client ID
- You cannot use anything but an account that uses internal Authentication
- You authenticate by using one of the buttons on a function
Which is where you log in with an account that only has internal authentication
- Ok one thing to note: all cherwell internal authenticated accounts are prefixed with Cherwell\ for login purposes……
e.g. you set up Cherwell account called apitest with internal authentication so this is how you log in…Go figure….
- After that you are good to go and try to figure out how things work
- See this video for more about swagger
So not much powershell so far! but hey at least you have the basics so that you know Cherwell is setup Ok and works, before you get frustrated with your powershell code not working!
That I recommend is that you have two Cherwell accounts that are setup with identical rights.
One for use with Swagger
The other one for use with Powershell – why? from a security perspective I want to use windows authentication so i do not need to store usernames and password somewhere to be able to run powershell code.
But first, read and listen to some background about the Rest API
I have created a function here you can use to login to Cherwell http://britv8.com/powershell-cherwell-login-using-rest-api-and-windows-authentication/
When I say login, what i mean is get a token that is valid for a time period.