@Gutao When interacting with the NiFi rest-api, I'd recommend creating a client certificate to use in your automation. A secured NiFi will always WANT a client certificate and will only try another configured auth method if a client certificate is not provide in the TLS exchange. Using a certificate for your rest-api automation removes the need for obtaining a token completely. You simply pass your client certificate with every rest-api call. Another advantage here over auth is token expiration. With no token involved with certificate based auth, your certificate will continuously work until it expires (typical default is 1 or 2 years).
You'll need to setup authorization policies for your certificate user (Certificate DN used as user identity) for the various endpoints you are trying to interact with through the rest-api.
If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.