Because the TSM API allows you to perform administrative tasks, it requires authentication over HTTPS.
The account you use to authenticate with TSM must exist on the Tableau Server computer. This user account must use password-based authentication.
Additional requirements depend on the operating system used to run Tableau Server:
For Tableau Server on Windows, the user account must also be an administrator on the Tableau Server computer.
For Tableau Server on Linux, the user account must also be a part of the
tsmadmin
group that is authorized to access TSM.
This user account is distinct from Tableau Server user accounts, including Tableau Server administrator and site administrator accounts.
When you first run the initialize-tsm
script to start TSM as part of Tableau
Server installation, the user account that you use to run the script is added to
the tsmadmin
group. If you run the script and use the -u
option to specify
a different user account, that user account is used to run the script and then
added to the tsmadmin
group. The initialize-tsm
script is in the
/opt/tableau/tableau_server/packages/scripts.<version>
directory.
To add an existing user account to the tsmadmin
group after you have already
run the initialize-tsm
script, use the Linux usermod
command with the -a
(append) and -G
(groups) options:
usermod -a -G tsmadmin <user>
To create a new user account and add it to the tsmadmin
group, use the
following command:
useradd -G tsmadmin <user>
All requests and responses must be sent over HTTPS.
By default, TSM uses a self-signed SSL certificate.
As a result, you might see a warning that the request is not secure depending on
the library that you use to send requests.You do not need to do anything to
enable SSL for TSM. Just specify https
in the URI.
Send a POST request to the login
endpoint to authenticate to TSM:
https://your-server:8850/api/1.0/login
A login request must include the following:
Content-type header
The header must specify that the content-type is application/json
.
Authentication body
The body of the request must include an authentication object that includes the user name and password.
For example, you might send the following body:
{
"authentication": {
"name": "username",
"password": "password"
}
}
A successful login request returns a 204 status code and an authentication cookie. Additional requests that you make to the TSM API must include a valid authentication cookie.
Send a POST request to the logout
endpoint to invalidate your authentication
cookie:
https://your-server:8850/api/1.0/logout
Alternatively, to invalidate all active authentication cookes for TSM, send a
POST request to the logout/all
endpoint:
https://your-server:8850/api/1.0/logout/all
A successful logout request returns a 204 status code.
import json
import requests
session = requests.Session()
login_url = 'https://your-server:8850/api/1.0/login'
logout_url = 'https://your-server:8850/api/1.0/logout'
headers = {
'content-type': 'application/json'
}
body = {
'authentication': {
'name': 'username',
'password': 'password'
}
}
# Configure the session to authenticate with the provided credentials.
# Do not verify the SSL certificate because this is a self-signed certificate.
session = requests.Session()
# Sign in
login_resp = session.post(login_url, data=json.dumps(body), headers=headers, verify=False)
print '{0}: {1}'.format(login_resp.status_code, login_url)
# Sign out
logout_resp = session.post(logout_url)
print '{0}: {1}'.format(logout_resp.status_code, logout_url)