z/OSMF performs the user authentication for the REST API provided by the TSO/E address space services.
The following user authentication methods are available:
- Authentication using the z/OS user ID and password
- Authentication using a client certificate
To perform authentication by using a z/OS user ID and password, log on to the z/OSMF server by specifying the user ID and password in the Authorization header.
To perform authentication by using a client certificate, log on to the z/OSMF server by specifying the client certificate header.
If you are authenticated as a z/OS user, a LTPA (Lightweight Third-Party Authentication) token will be returned for the Set-Cookie header. Thereafter, when executing an HTTP request to the z/OSMF server, append the LTPA token to the Cookie header.
You can access the z/OSMF server until the validity period of the token expires (the value specified for SESSION_EXPIRE of the IZUPRMxx member; the default value is 495 minutes).
CLI commands run by using the BCM Web API will be run according to the permissions of the user ID specified at the time of authentication. Perform authentication for a user ID that has the permissions necessary to run the applicable CLI command.