Skip to main content
Version: 3.0

Configure Backend REST API

Applicable to both Classic and Federated modes

A backend REST API refers to the interface that connects the front-end or user-facing applications with the backend servers, databases, or services. The backend REST API is responsible for handling the core logic of the system, database interactions, and any background services.

With the Portworx Backup backend REST API, you can perform the following tasks:

  1. Create roles
  2. Update roles
  3. List roles
  4. Delete roles
  5. Map roles
  6. Unmap roles

To configure the backend REST API, you need to fetch an access token for the instance.

Fetch authorization bearer token

To fetch the token for an instance, log in with the admin credentials and then perform the following steps:

  1. Access the Portworx Backup web console and log in with administrator credentials:

  2. In the home page, from the left navigation pane, click User Profile icon and choose PX-Backup Security.

  3. Right-click on the PX-Backup Security page and select Inspect from the context menu. This opens the browser's developer tools.

  4. In the developer tools panel, navigate to the Networks tab and wait for the following endpoint to load in the Name column. You can also search with rbac/users in the filter tab to find this endpoint.

    https://<end-point>/backend/api/pxBackup/rbac/users/list?searchString=&page=1&per_page=10
    note

    The URL path uses lowercase /backend/ (not /Backend/). Using an uppercase B will result in a 404 error.

    The Name column shows the requests being made, including specific APIs being called or resources being fetched during a web application's operation.

  5. Select the above API endpoint from the Name column and move to Request Headers row and copy the bearer token from Authorization section. Make sure you copy only the token and not the Bearer string that appears before the token.

    caution

    The bearer token extracted from browser DevTools is a short-lived UI session token. It will expire quickly and is not suitable for automation, scripting, or CI/CD pipelines. For long-lived programmatic access, use a dedicated service account token or Keycloak client credentials flow instead.

  6. Export the token with the following command:

    export TOKEN="BEARER <token-copied-from-authorization-field>"

  7. Run the following API call to check if the token works. Make sure you replace the endpoint with the actual server address:

    % curl -k -X GET "https://<end-point>/backend/api/pxBackup/rbac/roles/list" -H "accept: application/json" -H "Authorization: $TOKEN"

    Sample output:

    {"SUCCESS":true,"DATA":{"current_page":1,"searched":false,"first_page_url":"","from":0,"last_page":1,"last_page_url":"","next_page_url":"","path":"","per_page":10,"to":5,"total":5,"metaData":null,"data":[{"metadata":{"name":"px-backup-super.admin","uid":"<alpha-numeric-uid>","org_id":"default","create_time":{"seconds":1729158677,"nanos":332422260},"last_update_time":{"seconds":1729158743,"nanos":476343054},"create_time_in_sec":1729158677,"ownership":{"owner":"<owner-uid>","public":{"type":1}},"description":"Has full control to create, view, edit, and delete clusters, namespaces, cloud accounts, backup locations, schedule policies, rules, backups, restores, roles, users, and user groups, either created by themselves or by other users."},"rules":[{"services":["schedulepolicy","cloudcredential","backuplocation","rules","role","receiver","recipient","audit"],"apis":["*"]}],"role_id":"<alpha-numeric-role-id>"},{"metadata":{"name":"px-backup-infra.admin","uid":"<alpha-numeric-uid>","org_id":"default","create_time":{"seconds":1729158677,"nanos":370751364},"last_update_time":{"seconds":1729158743,"nanos":243144225},"create_time_in_sec":1729158677,"ownership":{"owner":"<owner-uid>","public":{"type":1}},"description":"Can create, view, edit, and delete cloud accounts, backup locations, schedule policies, rules, roles, users, and user groups they have created. In addition, they can view shared backup resources."},"rules":[{"services":["schedulepolicy","cloudcredential","backuplocation","rules","role","receiver","recipient"],"apis":["*"]},{"services":["audit"],"apis":["inspect*","enumerate*"]}],"role_id":"<alpha-numeric-role-id>"},{"metadata":{"name":"px-backup-app.admin","uid":"<alpha-numeric-uid>","org_id":"default","create_time":{"seconds":1729158677,"nanos":378614407},"last_update_time":{"seconds":1729158743,"nanos":351234891},"create_time_in_sec":1729158677,"ownership":{"owner":"<owner-uid>","public":{"type":1}},"description":"Can create, edit, view, and delete backup locations, schedule policies, and rules they have created. They can also view all other shared backup resources."},"rules":[{"services":["schedulepolicy","backuplocation","rules"],"apis":["*"]},{"services":["role"],"apis":["inspect*","enumerate*","validate*"]},{"services":["cloudcredential"],"apis":["inspect*","enumerate*"]},{"services":["recipient"],"apis":["*"]},{"services":["receiver"],"apis":["enumerate*"]}],"role_id":"<alpha-numeric-role-id>"},{"metadata":{"name":"px-backup-app.user","uid":"<alpha-numeric-uid>","org_id":"default","create_time":{"seconds":1729158677,"nanos":386510867},"last_update_time":{"seconds":1729158743,"nanos":413840572},"create_time_in_sec":1729158677,"ownership":{"owner":"<owner-uid>","public":{"type":1}},"description":"Can only view the shared resources created by other roles."},"rules":[{"services":["schedulepolicy","cloudcredential","backuplocation","rules","role"],"apis":["inspect*","enumerate*","validate*"]},{"services":["recipient"],"apis":["*"]},{"services":["receiver"],"apis":["enumerate*"]}],"role_id":"<alpha-numeric-role-id>"},{"metadata":{"name":"test-role","uid":"<alpha-numeric-uid>","org_id":"default","create_time":{"seconds":1729227011,"nanos":248356472},"last_update_time":{"seconds":1729227011,"nanos":248356472},"create_time_in_sec":1729227011,"ownership":{"owner":"<owner>","public":{"type":1}},"description":"NA"},"rules":[{"services":["cloudcredential"],"apis":["inspect*","enumerate*"]},{"services":["schedulepolicy"],"apis":["inspect*","enumerate*"]},{"services":["backuplocation"],"apis":["inspect*","enumerate*"]},{"services":["rules"],"apis":["inspect*","enumerate*"]},{"services":["role"],"apis":["inspect*","enumerate*"]}],"role_id":"<alpha-numeric-role-id>"}],"fromCache":false,"networkTimer":null,"processTimer":null,"dsRequestId":0,"next_token":""},"SUCCESSMESSAGE":"Fetched all roles"}
Last updated on