Authentication Prerequisites


Before configuring secure RESTCONF or gNMI connectivity, ensure you have established the necessary authentication tokens and administrative access. Provider Connectivity Assurance utilizes a dual-authentication strategy: mTLS for RESTCONF and Personal Access Tokens (PAT) for gNMI.

General Requirements

You must possess at least one of the following to authenticate with the Provider Connectivity Assurance APIs:

  • Bearer Token: Obtained via standard OAuth2 flow.

  • PAT Token: Created via the Zitadel UI or Management API.

  • Administrative Access: Access to the Zitadel Admin UI at https://<PCA_IP>:3443.

Create a PAT Token

Personal Access Tokens are required for gNMI streaming and can be generated manually or programmatically.

Option A: Via Zitadel UI (Manual)

  1. Open your browser and navigate to: https://<PCA_IP>:3443

  2. Log in with your administrative credentials.

  3. Navigate to Users and select your specific user profile.

  4. Go to the Personal Access Tokens section.

  5. Click Create New Token.

  6. Set an expiration date and copy the token immediately. Note: The token is only displayed once.

Option B: Via API (Automated)

To create a PAT token programmatically, you must first obtain a Bearer token. Use the following two-step process:

        # curl flags used below: -s silences progress output; -k skips TLS
        # certificate verification (pass --cacert <CA_FILE> instead to verify the server).

        # Step 1: Retrieve your User ID
        curl -sk -X GET "https://<PCA_IP>:3443/auth/v1/users/me" \
            -H "Authorization: Bearer <YOUR_BEARER_TOKEN>" \
            -H "Content-Type: application/json"

        # Step 2: Create the PAT token using the User ID from Step 1
        # (expirationDate is an RFC 3339 UTC timestamp)
        curl -sk -X POST "https://<PCA_IP>:3443/management/v1/users/<USER_ID>/pats" \
            -H "Authorization: Bearer <YOUR_BEARER_TOKEN>" \
            -H "Content-Type: application/json" \
            -d '{
                "expirationDate": "2099-12-31T23:59:59Z"
            }'
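The two steps of Option B chained in Python, as an added example that is not from the original page or from Cisco: it computes a bounded expirationDate, verifies the server certificate against a CA file, and writes the one-time token to an owner-only file. The response field names (user.id, token), the CA file, and all helper names are assumptions not shown on the page.

```python
import json, os, ssl, urllib.request
from datetime import datetime, timedelta, timezone

# Assumed response shapes (not shown on the page):
#   Step 1 -> {"user": {"id": "..."}}    Step 2 -> {"tokenId": "...", "token": "..."}
SAMPLE_ME = '{"user": {"id": "1001", "userName": "svc-gnmi"}}'       # constructed
SAMPLE_PAT = '{"tokenId": "2002", "token": "EXAMPLE-PAT-VALUE"}'      # constructed

def expiration_date(days, now=None):
    """RFC 3339 UTC timestamp `days` from now, for the expirationDate field."""
    now = now or datetime.now(timezone.utc)
    return (now + timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")

def user_id_from(me_response):
    """Pull the user ID out of the Step 1 response body."""
    return json.loads(me_response)["user"]["id"]

def save_token(pat_response, path):
    """Store the token (shown only once) in a file only its owner can read."""
    token = json.loads(pat_response)["token"]
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # enforce the mode even if the file already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(token + "\n")
    return token

def call(base, path, bearer, ca_file, body=None):
    """One authenticated request; the server certificate is verified against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(
        base + path,
        data=json.dumps(body).encode() if body else None,
        headers={"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"},
        method="POST" if body else "GET")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.read().decode()

def create_pat(base, bearer, ca_file, days, out_path):
    """Step 1 then Step 2 from the page; base is https://<PCA_IP>:3443."""
    uid = user_id_from(call(base, "/auth/v1/users/me", bearer, ca_file))
    resp = call(base, f"/management/v1/users/{uid}/pats", bearer, ca_file,
                {"expirationDate": expiration_date(days)})
    save_token(resp, out_path)
    return uid

if __name__ == "__main__":  # offline demo on the constructed responses above
    print(user_id_from(SAMPLE_ME), expiration_date(30))
```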

API Endpoint Summary

It is critical to use the correct port and endpoint for each specific operation. Refer to the table below for the API mapping:

| Operation        | Endpoint                                 | Port | Auth Method        |
|------------------|------------------------------------------|------|--------------------|
| Sign CSR         | /distribution/sign-csr                   | 443  | Bearer/PAT Token   |
| Validate mTLS    | /api/v1/auth/cert/validate/authorization | 443  | mTLS Certificate   |
| RESTCONF API     | /restconf/data/...                       | 443  | mTLS or Bearer/PAT |
| gNMI             | gRPC path                                | 443  | PAT or User/Pass   |
| Zitadel User API | /auth/v1/users/me                        | 3443 | Bearer Token       |

© 2026 Cisco and/or its affiliates. All rights reserved.
