I'm new to Postman and scripted/etc. I've developed some basic scripts to populate ACI so far and have used Postman Runner to bulk insert objects where required. Typically I'd create a folder and a bunch of scripts under it. The first script has always been a "login" one where I pass the user/pass into ACI.
I've been demo-ing this to a customer and they made the comment "auditing that many logins is going to be hell for our compliance guys"... which is true. So I started looking at how to do this properly (i.e. re-using a token/cookie).
I was having a look at the APIC REST configuration guide and noted the section around authentication here:
Authenticating and Maintaining an API Session
Before you can access the API, you must first log in with the name and password of a configured user.
When a login message is accepted, the API returns a data structure that includes a session timeout period in seconds and a token that represents the session. The token is also returned as a cookie in the HTTP response header. To maintain your session, you must send login refresh messages to the API if no other messages are sent for a period longer than the session timeout period. The token changes each time that the session is refreshed.
In Postman I can see the "APIC-cookie" is created after the login script runs. Which is great. The sub-scripts all use that cookie. But when I iterate and reuse the code in Runner (i.e. adding multiple bridge domains), I run the login script again, and again... and again. This constant logging in is what I'm trying to fix.
I was just curious as to whether Postman and Runner modules share cookies? In my tests, I couldn't get Runner to use the existing login session from Postman (i.e. login using Postman then use Runner) as I expect it is using a different session to the Postman module... maybe I'm missing something here?
Otherwise, is it possible to avoid constant logins using Runner?
