Skip to main content
Version: 3.0

Configure Backup REST API

Applicable to both Classic and Federated modes

A Backup REST API is an interface that allows you to programmatically manage backup operations using standard HTTP requests. These APIs enable automation and control of the backup process across different systems and services.

You can use the Portworx Backup backup REST API to create, delete, schedule, restore backups and other operation tasks. This API is organized around REST and returns responses in JSON format.

To configure backup rest APIs, you need to expose Swagger UI and then fetch an access token for the instance.

Expose Swagger UI

To expose Swagger UI in Portworx Backup:

  1. Expose px-backup deployment as REST interface:

    $ kubectl expose deployment -n <pxb-namespace> px-backup --type=NodePort --port=10001 --name px-backup-rest

    Output:

    service/px-backup-rest exposed

  2. Check if the service is properly created:

    $ kubectl get service -n <pxb-namespace> | grep rest

    Output:

    px-backup-rest        NodePort      <node_IP>    <none>      10001:<node_port>/TCP       25s

  3. Open the swagger UI endpoint http://(NodeIP:NodePort)/swagger-ui/ in your web browser to access the API through swagger:

Fetch an access token

To fetch the token for an instance, log in with the admin credentials and then perform the following steps:

  1. Fetch access token with the same admin credentials used for login:

    curl --data 'grant_type=password&client_id=pxcentral&username=admin&password=password' http://<IP>:<Port>/realms/master/protocol/openid-connect/token --silent | jq -r ".access_token"
    note

    For Portworx Backup 2.8.x and earlier, use /auth/realms/master/protocol/openid-connect/token in the URL. For Portworx Backup 2.9.0 and later, the /auth prefix is removed: /realms/master/protocol/openid-connect/token.

    Replace <IP>:<Port> with the Keycloak service endpoint. Do not use the px-backup-rest NodePort endpoint, as the authentication token is retrieved from the Keycloak service.

    To identify the Keycloak service endpoint, run:

    kubectl get svc -n <pxb-namespace> | grep keycloak

    Use the IP address or hostname and port exposed by the Keycloak service (for example, through a NodePort or LoadBalancer service).

  2. Add the token:

    • Click Authorize on the Swagger UI page.

    • Add the token generated with the Bearer prefix and a space in between.

    • Click Authorize on Available authorizations.

    • Click Close.

Last updated on