Gitlab API: How to generate the private token

Question

This is what I tried:

curl http://git.ep.petrobras.com.br/api/v3/session --data-urlencode 'login=myUser&password=myPass'

Answer:

{"message":"401 Unauthorized"}

Answer 1

The problem is the data-urlencode CURL option. Since it's an HTTP POST you don't need to URL encode the data, and is actually encoding the & into & and causing your issue. Instead use the --data option.

curl http://git.ep.petrobras.com.br/api/v3/session --data 'login=myUser&password=myPass'

Also, be careful sending credentials over plain HTTP. It could be easily sniffed.

Answer 2

This is how:

$ curl http://git.ep.petrobras.com.br/api/v3/session/ --data-urlencode 'login=myUser' --data-urlencode 'password=myPass'

The solution pointed out by Steven doesn't work if your username or password contains characters that have to be urleencoded. The name=content format will urlencode the content part (the name part has to be urlencoded but login and password are fine).

To actually retrieve the private_token you can pipe the output of curl into jq like this:

$ curl [as above] | jq --raw-output .private_token
x_the_private_token_value_x

This way you can easily use it in a shell script.

Also, as Steven pointed out already, please use https instead so that your password is not transmitted in clear text across the wire.

Answer 3

Note: this workflow no longer works as of GitLab 8.6.0 as the default password has been removed.

Changelog: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG#L205

I only just noticed this and raised the issue. Leaving this note here to hopefully save someone else some time. Hopefully, this is a decision that will be reviewed and reverted.

Discussion/issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/1980