Community Articles

Find and share helpful community-sourced technical articles.
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
Rising Star

Using NiFi REST API for unsecured cluster is straight-forward like below:

[root@<nifi-host> ~]# curl -v -X GET http://<nifi-host>:<port>/nifi-api/flow/current-user
* About to connect() to <nifi-host> port <port> (#0)
*   Trying <IP address>...
* Connected to <nifi-host> (<IP address>) port <port> (#0)
> GET /nifi-api/flow/current-user HTTP/1.1
> User-Agent: curl/7.29.0
> Host: <nifi-host>:<port>
> Accept: */*
< HTTP/1.1 200 OK
< Date: Fri, 30 Jun 2017 22:15:09 GMT
< X-Frame-Options: SAMEORIGIN
< X-Frame-Options: SAMEORIGIN
< X-Frame-Options: SAMEORIGIN
< Cache-Control: private, no-cache, no-store, no-transform
< Server: Jetty(9.4.3.v20170317)
< Vary: Accept-Encoding, User-Agent
< Date: Fri, 30 Jun 2017 22:15:09 GMT
< Date: Fri, 30 Jun 2017 22:15:09 GMT
< Content-Type: application/json
< Content-Length: 439
* Connection #0 to host <nifi-host> left intact

However if this cluster is using Kerberos for authentication then the curl call will need a Kerberos authentication token as below:

  • First do a kinit (using appropriate keytab/principal) on the nifi node you are logged into.
  • Now get a token using below API call:
token=`curl -k -X POST --negotiate -u : https://<nifi-node>:<port>/nifi-api/access/kerberos` 
  • Second you need to pass above generated token to the actual API call:
curl -k --header "Authorization: Bearer $token" https://<nifi-host>:<port>/nifi-api/flow/cluster/summary 
Expert Contributor

Hi @Arti Wadhwani,

Could we use username/password of the principle created in Kerberos to login?

Since I don't have kinit in nifi node.




I am trying to access nifi-api using kerberos token. I ran the command to obtain the token that is mentioned in the post but I get the following error: Kerberos ticket login not supported by this NiFi.

I have kerberos provider configured in login-identity-providers.xml and I am able to run kinit also.

Can you please help me how to resolve this issue?

Expert Contributor

In case, you get below error, make sure you use Nifi host FQDN in API call and NOT IP address. Also, make sure DNS is configured correctly.


<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /nifi-api/access/kerberos. Reason:
<pre>    Unauthorized</pre>