Web Service Authentication Examples
This page presents examples of clients making use of the IRIS and FDSN Web Service ‘queryauth’ pathways to authenticate your access to data.
Authentication not only helps us to identify your activity patterns, but allows you to gain authorized access to restricted data sets and may allow you to unlock other data access allowances as they become available.
The web services at IRIS follow a username/password model of authentication, using the ‘Digest Authentication’ protocol. The username and password that you provide are:
- Username = Your registered account email address
- Password = Your time-limited 16-character access key
Authenticated Access via ObsPy
ObsPy is a well-known and widely utilized Python library permitting access to seismic data from remote data repositories.
ObsPy has a built-in means of supporting authenticated data access to queryauth endpoints.
ObsPy does not currently permit the use of a .netrc or other private file to keep the username and password secret (unless you are using EIDA tokens).
$ source activate obspy-env (obspy-env)$ conda install obspy==1.3 (obspy-env)$ pythonfrom obspy.clients.fdsn import Client as FDSN_Client from obspy import UTCDateTime Etime=UTCDateTime('2018-01-13T18:07:33.750Z') E2=Etime+3600 username="rob@sgworkshop.org" password="Pwtkg1RTmZkYnD8s" Rclient=FDSN_Client("IRIS",user=username,password=password, debug=True) St=Rclient.get_waveforms("IU","ANMO","*","BH*", Etime, E2)
Authenticated Access via FetchData.pl
FetchData is an easy to use perl script that permits access and collection of data from a number of remote data centers.
FetchData can accept an authentication flag on the command line.
Like ObsPy, FetchData.pl does not currently support a secure password file like .netrc.
$ FetchData -N IU -S ANMO -C BHZ -s 2018-01-01 -e 2018-01-01T03:00:00 -o output_file.mseed -a rob@sgworkshop.org:Pwtkg1RTmZkYnD8s
A .netrc file explainer
This is a standard file for storing secrets for passworded access to hosts. Originally used for FTP access, it is also supported by many HTTP clients.
Reason for use: keeping plaintext passwords off of the command line and out of code.
A .netrc file can easily be created. It is just a text file, is kept in the user’s home directory with user-only read/write permissions, and takes on this format:
$ cat ~/.netrc
machine service.iris.edu login rob@sgworkshop.org password Pwtkg1RTmZkYnD8s
Format: machine <hostname> login <username> password <password>
Authenticated Access via curl
Curl is a very popular command line tool enabling HTTP access to remote servers – it is also a programming library.
Curl readily supports Digest Authentication, among other forms of connection.
We show two examples of Curl being used to authenticate for data access
Plain text command line
$ curl --digest --user 'rob@sgworkshop.org:Pwtkg1RTmZkYnD8s' -o curl_out.mseed "http://service.iris.edu/fdsnws/dataselect/1/queryauth?net=IU&sta=ANMO&loc=00&cha=BHZ&start=2010-02-27T06:30:00.000&end=2010-02-27T10:30:00.000"
Use of a .netrc file
$ curl --digest -o curl_out.mseed -n "http://service.iris.edu/fdsnws/dataselect/1/queryauth?net=IU&sta=ANMO&loc=00&cha=BHZ&start=2010-02-27T06:30:00.000&end=2010-02-27T10:30:00.000"
Authenticated Access via ROVER
ROVER, developed by IRIS, enables the robust retrieval of large sets of geophysical data from a remote data center supporting FDSN standard web services.
Currently, ROVER does not support authenticated access, but we have an update in the works that will make this possible. Be sure to check back here in this space for an example.
