Web Service Authentication Examples

Web Service Authentication Examples

This page presents examples of clients making use of the NSF SAGE and FDSN Web Service ‘queryauth’ pathways to authenticate your access to data.

Authentication not only helps us to identify your activity patterns, but allows you to gain authorized access to restricted data sets and may allow you to unlock other data access allowances as they become available.

The web services at NSF SAGE follow a username/password model of authentication, using the ‘Digest Authentication’ protocol. The username and password that you provide are:

  • Username = Your registered account email address
  • Password = Your time-limited 16-character access key

Authenticated Access via ObsPy

ObsPy is a well-known and widely utilized Python library permitting access to seismic data from remote data repositories.

ObsPy has a built-in means of supporting authenticated data access to queryauth endpoints.

ObsPy does not currently permit the use of a .netrc or other private file to keep the username and password secret (unless you are using EIDA tokens).

$ source activate obspy-env
(obspy-env)$ conda install obspy==1.3
(obspy-env)$ python

from obspy.clients.fdsn import Client as FDSN_Client
from obspy import UTCDateTime
Etime=UTCDateTime('2018-01-13T18:07:33.750Z')
E2=Etime+3600
username="rob@sgworkshop.org"
password="Pwtkg1RTmZkYnD8s"
Rclient=FDSN_Client("NSF SAGE",user=username,password=password, debug=True)
St=Rclient.get_waveforms("IU","ANMO","*","BH*", Etime, E2)

Authenticated Access via FetchData.pl

FetchData is an easy to use perl script that permits access and collection of data from a number of remote data centers.

FetchData can accept an authentication flag on the command line.

Like ObsPy, FetchData.pl does not currently support a secure password file like .netrc.

$ FetchData -N IU -S ANMO -C BHZ -s 2018-01-01 -e 2018-01-01T03:00:00 -o output_file.mseed -a rob@sgworkshop.org:Pwtkg1RTmZkYnD8s

A .netrc file explainer

This is a standard file for storing secrets for passworded access to hosts. Originally used for FTP access, it is also supported by many HTTP clients.

Reason for use: keeping plaintext passwords off of the command line and out of code.

A .netrc file can easily be created. It is just a text file, is kept in the user’s home directory with user-only read/write permissions, and takes on this format:

$ cat ~/.netrc
machine service.iris.edu login rob@sgworkshop.org password Pwtkg1RTmZkYnD8s

Format: machine <hostname> login <username> password <password>

Authenticated Access via curl

Curl is a very popular command line tool enabling HTTP access to remote servers – it is also a programming library.

Curl readily supports Digest Authentication, among other forms of connection.

We show two examples of Curl being used to authenticate for data access

Plain text command line
$ curl --digest --user 'rob@sgworkshop.org:Pwtkg1RTmZkYnD8s' -o curl_out.mseed "http://service.iris.edu/fdsnws/dataselect/1/queryauth?net=IU&sta=ANMO&loc=00&cha=BHZ&start=2010-02-27T06:30:00.000&end=2010-02-27T10:30:00.000"
Use of a .netrc file
$ curl --digest -o curl_out.mseed -n "http://service.iris.edu/fdsnws/dataselect/1/queryauth?net=IU&sta=ANMO&loc=00&cha=BHZ&start=2010-02-27T06:30:00.000&end=2010-02-27T10:30:00.000"

Authenticated Access via ROVER

ROVER, developed by NSF SAGE, enables the robust retrieval of large sets of geophysical data from a remote data center supporting FDSN standard web services.

Currently, ROVER does not support authenticated access, but we have an update in the works that will make this possible. Be sure to check back here in this space for an example.

Tags

Web Service FDSNWS data access authentication irisws

10:00:31 v.b3198453