REST API Backup Methods#

This document covers the REST API methods for backing up Identity Server configuration using the RESTCONF interface and HTTP operations.

Overview#

The Identity Server provides a comprehensive REST API for configuration management through the RESTCONF interface. This approach enables programmatic access to configuration data for integration with external systems and automation workflows.

REST API methods are ideal for CI/CD integration, automated deployment pipelines, and custom management applications.

RESTCONF API Structure#

Base Endpoint#

The configuration data is hierarchically structured under the top-level configuration tree node:

/admin/api/restconf/data

Connection Details#

  • Scheme: HTTPS (recommended) or HTTP
  • Host: Identity Server admin interface hostname
  • Port: Same as admin UI (default: 6749)
  • Base URL: https://localhost:6749 (default configuration)

Authentication#

The REST API uses HTTP Basic Authentication with the same credentials as other management interfaces:

  • Username: Admin interface username
  • Password: Admin interface password
  • Method: HTTP Basic Authentication header

Backup Operations#

Complete Configuration Backup#

To create a full system backup, make a GET request to the base configuration endpoint:

$ curl -s -u admin:Password1 \
    "https://localhost:6749/admin/api/restconf/data?depth=unbounded&content=config" \
    > complete-backup.xml

Query Parameters:

  • depth=unbounded: Retrieves complete configuration hierarchy
  • content=config: Returns only configuration data (excludes operational state)

Subsystem Backup#

For targeted backups of specific configuration subsystems, use sub-path targeting:

$ curl -s -u "admin:Password1" \
    "https://localhost:6749/admin/api/restconf/data/profiles/profile=authentication,authentication-service?depth=unbounded&content=config" \
    > authentication-backup.xml

Advanced Query Examples#

Multiple Profiles Backup#

$ curl -s -u "admin:Password1" \
    "https://localhost:6749/admin/api/restconf/data/profiles?depth=unbounded&content=config" \
    > profiles-backup.xml

Facilities Configuration Backup#

$ curl -s -u "admin:Password1" \
    "https://localhost:6749/admin/api/restconf/data/facilities?depth=unbounded&content=config" \
    > facilities-backup.xml

HTTP Response Handling#

Success Response#

  • Status Code: 200 OK
  • Content-Type: application/yang-data+xml
  • Body: XML configuration data

Error Responses#

  • 401 Unauthorized: Invalid authentication credentials
  • 404 Not Found: Invalid configuration path
  • 500 Internal Server Error: Server-side configuration errors

Response Validation#

#!/bin/bash
BACKUP_FILE="backup-$(date +%Y%m%d-%H%M%S).xml"
HTTP_STATUS=$(curl -s -w "%{http_code}" -u "admin:Password1" \
    "https://localhost:6749/admin/api/restconf/data?depth=unbounded&content=config" \
    -o "$BACKUP_FILE")

if [ "$HTTP_STATUS" -eq 200 ]; then
    echo "Backup successful: $BACKUP_FILE"
else
    echo "Backup failed with HTTP status: $HTTP_STATUS"
    rm -f "$BACKUP_FILE"
fi

Integration Patterns#

CI/CD Pipeline Integration#

#!/bin/bash
# Pre-deployment configuration backup
ENVIRONMENT=${1:-production}
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_FILE="config-backup-${ENVIRONMENT}-${TIMESTAMP}.xml"

curl -s -u "${ADMIN_USER}:${ADMIN_PASSWORD}" \
    "${IDSVR_ADMIN_URL}/admin/api/restconf/data?depth=unbounded&content=config" \
    > "${BACKUP_DIR}/${BACKUP_FILE}"

echo "Configuration backed up to: ${BACKUP_FILE}"

Monitoring and Health Checks#

#!/bin/bash
# Monitor configuration changes
CURRENT_CONFIG=$(curl -s -u "admin:Password1" \
    "https://localhost:6749/admin/api/restconf/data?depth=unbounded&content=config" \
    | md5sum)

if [ "$CURRENT_CONFIG" != "$LAST_KNOWN_CONFIG" ]; then
    echo "Configuration change detected - creating backup"
    # Trigger backup process
fi

Security Considerations#

HTTPS Configuration#

Always use HTTPS in production environments:

$ curl -s --cacert /path/to/ca-cert.pem -u "admin:Password1" \
    "https://idsvr.example.com:6749/admin/api/restconf/data?depth=unbounded&content=config" \
    > secure-backup.xml

Credential Management#

  • Store credentials securely (environment variables, credential stores)
  • Use service accounts with minimal required permissions
  • Implement credential rotation policies
  • Avoid hardcoding credentials in scripts

REST API backup operations retrieve sensitive configuration data. Ensure proper access controls, secure transmission, and encrypted storage of backup files.

Best Practices#

  • Error Handling: Implement comprehensive HTTP status code handling
  • Retry Logic: Add exponential backoff for transient failures
  • Timeout Configuration: Set appropriate request timeouts
  • Logging: Capture API interactions for audit and debugging
  • Rate Limiting: Respect API rate limits in automated systems

Was this helpful?