Using the API Keys to support MFA configuration
You can use API keys when accessing the production and IRE primary servers. API keys provide an alternative to traditional password-based authentication, especially in environments where multi-factor authentication (MFA) is enabled. Unlike passwords, API keys bypass the need for an MFA one-time password (OTP).
The show_slp_window, sync_ire_window, and add_replication_op commands that require authentication to the primary server prompt for the admin user's password if an API key is not specified. However, these commands do not support MFA OTP. If MFA is enabled on the primary server, password-based authentication will be denied, preventing access. This limitation makes API keys essential for environments that have MFA enabled.
Use the production_use_apikey and ire_use_apikey parameters in the commands to authenticate with API keys instead of passwords. The production_use_apikey parameter is used for accessing the production primary server, while the ire_use_apikey parameter is used for the IRE primary server. Including these parameters in the command ensures seamless authentication without requiring an OTP.
To use these parameters, administrators must ensure that the API key is associated with a user account that has the necessary Role-Based Access Control (RBAC) permissions. Specifically, the admin user for the API key must have at least the Default IRE SLP Administrator role. For information on managing API keys, refer to the NetBackup Web UI Administrator's Guide.