Provide credentials for API pollers in SAM

This topic pertains to API poller credentials. To learn about this feature, see Use API pollers to monitor metrics via remote APIs in the SAM Administrator Guide.

Depending on the type of authorization used by an API, you may only need to provide a username and password as credentials for an API request. Sophisticated APIs, such as the Azure API, require a client ID, client secret, access token URL, and other details. Some free APIs don't require any credentials. See API documentation for details.

There are several ways to configure API poller credentials, including:

• Provide credentials when adding a new API poller.
• Change credentials by editing an existing API poller.

In either case, you have the following options:

• (Recommended) Add credentials on the Manage Credentials page, and then select those credentials on the API poller page.
  

  For API pollers created in earlier versions of SAM, add related credentials on the Manage Credentials page and then edit API pollers to use the new credentials.

• Add new credentials on the API poller page.
  
  To open the API poller page, click Settings > All Settings > Manage API Pollers. Click New to add a new poller, or select an existing poller to change existing credentials.
  

  Credentials added on the API poller page are sent by HTTP with plain text, instead of HTTPS. SolarWinds recommends adding credentials on the Manage Credentials page instead, and then assign credentials on the API poller page. Alternatively, access the API poller page directly from the SolarWinds Platform server to add credentials.

• Select existing credentials added for a different API poller that accesses the same API.
  

  If you assign multiple API poller templates of the same type (for example, four Azure templates) to a node, the resulting API pollers can share the same credentials. If you assign different types of templates (for example, one Azure template and one Pingdom template), you'll need to configure separate credentials for each poller.

Before you begin

Review API documentation to determine the type of authorization used, along with any other requirements. If an API poller is based on an out-of-the-box API Poller template, review prerequisites in the SAM API Poller Template Guide.

If your organization hosts applications that you want to access via API, some applications must be configured to allow access to data for API calls. For example, if your organization uses Azure applications accessed via the Microsoft Graph API, you may need to consult with your Azure Administrator to obtain credentials with the proper scope and permissions to the API, such as Group.Read.All and Directory.Read.All.

For tips on locating Azure credentials such as Tenant IDs, see Find Microsoft Azure credentials.

To add credentials to an API poller: 

1. Click Configure at the top of the page.
2. Click New credential.
3. Add a name for the set of credentials, fill out the remaining fields, and then click Save.
   

   Alternatively, select an existing set of credentials from the drop-down listbox.

   

Alternatively, select an existing set of credentials from the drop-down listbox.

If you assign multiple API poller templates of the same type (for example, four Azure templates) to a node, the resulting API pollers can share the same credentials. If you assign different types of templates (for example, one Azure template and one Pingdom template), you'll need to configure separate credentials for each API poller before sending API requests.

Some terms you may encounter when working with API credentials include:

• Grant type: The method used by an application to get an access token that authenticates a request to an API endpoint.
• Tenant ID: A unique ID that represents the Azure AD directory where a registered application is stored.
• Client ID: A unique ID that is assigned to an application and service principal during initial provisioning.
• Client Secret: A unique set of characters known only to the application and authorization server.
• Access token URL: The web address of the API provider's authentication server, which exchange an authorization code for an access token.to confirm access to API data.
• Scope: The endpoints of data within an API for which an application can request access. The access token issued to the application will be limited to the scopes granted, including read or write access permissions. For example, to monitor https://manage.office.com endpoints with the Microsoft 365 Admin Center API poller template, use the following scope: https://manage.office.com/.default.

  API pollers created from predefined templates often require a scope. For example, the Microsoft 365 Mobile Device Management API poller template requires OAuth 2.0 Azure credentials with the following scope:
  https://manage.office.com/.default. See the SAM API Poller Template Guide for details.

Refer to documentation from API providers to learn more about credentials and required formats.