How to Fetch and Use Authentication Tokens with IECTL

IECTL provides token fetch commands for IEM, IED and the IE HUB, that allow you to retrieve authentication tokens manually. These tokens can be set as environment variables to improve performance and reduce authentication overhead.

Why Use Token Fetch Commands?

By default, IECTL fetches a new authentication token for every command execution, which involves calling authentication APIs each time. Using pre-fetched tokens offers several benefits:

• Improved Performance: Eliminates authentication API calls on each command execution
• Reduced Network Traffic: Fewer authentication requests to the servers
• Better Automation: Useful in CI/CD pipelines and scripts where repeated authentication calls should be minimized
• Token Reuse: A single token can be used across multiple IECTL commands until it expires

Prerequisites

Before fetching tokens, you must configure IECTL with the appropriate connection details for each service. See the Managing Configurations for detailed setup instructions.

Adding Configurations

# Add IEM configuration
iectl config add iem --name my-iem --url https://iem.example.com --user myuser@company.com --password-stdin

# Add IEHUB configuration  
iectl config add iehub --name my-iehub --url https://iehub.example.com --user myuser@company.com --password-stdin

# Add IED configuration
iectl config add ied --name my-ied --url https://ied.example.com --user myuser@company.com --password-stdin

Token Fetch Commands

Fetch IEM Token

iectl iem token fetch

This command fetches an authentication token for the configured IEM instance.

Fetch IEHUB Token

iectl iehub token fetch

This command fetches an authentication token for the configured IEHUB instance.

Fetch IED Token

iectl ied token fetch

This command fetches an authentication token for the configured IED instance.

Setting Tokens as Environment Variables

Once you have fetched the tokens, you can set them as environment variables. IECTL will automatically use these tokens instead of performing new authentication requests. see

Token Expiration

Authentication tokens have expiration times set by the respective services. When a token expires, you'll need to fetch a new one.

Automation and CI/CD

For automation scripts and CI/CD pipelines, you can fetch tokens once at the beginning of your workflow and reuse them throughout:

#!/bin/bash
set -e

# Fetch tokens once
echo "Fetching authentication tokens..."
export IEM_TOKEN=$(iectl iem token fetch -q "{.data.access_token}")

# Run multiple commands using the same tokens
echo "Listing devices..."
iectl iem device list

echo "Uploading application..."
iectl iem catalog import-application --app-file-path myapp.app

echo "Deploying to devices..."
iectl iem job batch-create --appid {appId} --operation "installApplication" --infoMap "{"devices":["deviceId"]}"

Environment Variables Reference

For a complete list of environment variables that can be used with IECTL, including token variables, see the Environment Variables documentation.

Related Documentation

• Managing Configurations - How to add and manage IECTL configurations
• Environment Variables - Complete list of supported environment variables
• IEM Token Commands - Detailed IEM token command reference
• IEHUB Token Commands - Detailed IEHUB token command reference
• IED Token Commands - Detailed IED token command reference