Authentication


Because the TSM API allows you to perform administrative tasks, it requires authentication over HTTPS.

User account requirements

The account you use to authenticate with TSM must exist on the Tableau Server computer. This user account must use password-based authentication.

Additional requirements depend on the operating system used to run Tableau Server:

This user account is distinct from Tableau Server user accounts, including Tableau Server administrator and site administrator accounts.

Add a user account to the tsmadmin group (Linux only)

When you first run the initialize-tsm script to start TSM as part of Tableau Server installation, the user account that you use to run the script is added to the tsmadmin group. If you run the script and use the -u option to specify a different user account, that user account is used to run the script and then added to the tsmadmin group. The initialize-tsm script is in the /opt/tableau/tableau_server/packages/scripts.<version> directory.

To add an existing user account to the tsmadmin group after you have already run the initialize-tsm script, use the Linux usermod command with the -a (append) and -G (groups) options:

usermod -a -G tsmadmin <user>

To create a new user account and add it to the tsmadmin group, use the following command:

useradd -G tsmadmin <user>

HTTPS requirement

All requests and responses must be sent over HTTPS. By default, TSM uses a self-signed SSL certificate.
As a result, you might see a warning that the request is not secure depending on the library that you use to send requests.You do not need to do anything to enable SSL for TSM. Just specify https in the URI.

Signing in to TSM

Send a POST request to the login endpoint to authenticate to TSM:

https://your-server:8850/api/1.0/login

A login request must include the following:

Content-type header

The header must specify that the content-type is application/json.

Authentication body

The body of the request must include an authentication object that includes the user name and password.

For example, you might send the following body:

{
    "authentication": {
        "name": "username",
        "password": "password"
    }
}

A successful login request returns a 204 status code and an authentication cookie. Additional requests that you make to the TSM API must include a valid authentication cookie.

Signing out of TSM

Send a POST request to the logout endpoint to invalidate your authentication cookie:

https://your-server:8850/api/1.0/logout

Alternatively, to invalidate all active authentication cookes for TSM, send a POST request to the logout/all endpoint:

https://your-server:8850/api/1.0/logout/all

A successful logout request returns a 204 status code.

Sample login and logout requests

import json
import requests

session = requests.Session()
login_url = 'https://your-server:8850/api/1.0/login'
logout_url = 'https://your-server:8850/api/1.0/logout'

headers = {
    'content-type': 'application/json'
    }

body = {
    'authentication': {
        'name': 'username',
        'password': 'password'
        }
    }

# Configure the session to authenticate with the provided credentials.
# Do not verify the SSL certificate because this is a self-signed certificate.
session = requests.Session()

# Sign in
login_resp = session.post(login_url, data=json.dumps(body), headers=headers, verify=False)
print '{0}: {1}'.format(login_resp.status_code, login_url)

# Sign out
logout_resp = session.post(logout_url)
print '{0}: {1}'.format(logout_resp.status_code, logout_url)