Introduction
When a user logs in to Terraform Enterprise, a new session cookie is created. This cookie is unique to the session and is automatically terminated when the user logs out of Terraform Enterprise.
This session cookie can be used to authorize requests to the Terraform Enterprise (TFE) API.
Expected Outcome
Be able to make authenticated API calls to various Terraform Enterprise endpoints using the session cookie.
Prerequisites (if applicable)
- Access to a local terminal or CLI
OR -
Postman installed on your local machine
Use Case
Users can leverage their browser session token to make authenticated API calls to Terraform Enterprise without creating long-lived user tokens, team tokens, or organization tokens. The session cookie becomes invalid automatically upon logout, enhancing security.
Procedure
1. Retrieve the Session Cookie
- Log in to Terraform Enterprise.
- Right-click on the browser window and select Inspect (or press
F12). - Go to the Application tab.
- In the left-hand pane, under Storage, expand Cookies.
- Select your Terraform Enterprise domain.
- Locate the
_atlas_session_datacookie in the center panel. - Copy the value of this cookie and set as
2. Use the Cookie in a Terminal (cURL)
Set the Cookie Value as an environment variable TOKEN in your terminal
$ export TOKEN="<COOKIE_VALUE>"
Run the following cURL command using your TFE hostname, replacing placeholders as needed:
$ curl https://<TFE_HOSTNAME>/api/v2/account/details \ --cookie "_atlas_session_data=$TOKEN" | jq "."
Make sure to replace <TFE_HOSTNAME> with your actual Terraform Enterprise URL and $TOKEN with the cookie value copied earlier.
3. Use the Cookie in Postman
- Open Postman.
- Click Cookies (below the "Send" button).
- Add your Terraform Enterprise domain.
- Add a new cookie with:
-
Name:
_atlas_session_data - Value: (Paste the copied cookie value)
-
Name:
- Save the cookie.
- Make your API request.