API authentication reference

The MAAS API uses OAuth as its authentication mechanism. This isn’t third-party (3-legged) OAuth, so the process used is what’s commonly referred to as 0-legged OAuth: the consumer accesses protected resources by submitting OAuth signed requests.

Note that some API endpoints support unauthenticated requests (i.e. anonymous access). This article shows how to perform authenticated requests in Python and in Ruby.

Here are two examples of how to perform an authenticated GET request to retrieve the list of nodes. The <consumer_key>, <consumer_token> and <secret> tokens are the three elements that compose the API key (API key = ‘<consumer_key>:<consumer_token>:<secret>’).

How to perform authenticated requests in Python

Note: the example below uses fades, but you can also install the requests_oauthlib and oauthlib packages with pip. Replace <MAAS_SERVER_IP> with your server’s IP address, and <API-KEY> with your API key.

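from oauthlib.oauth1 import SIGNATURE_PLAINTEXT # fades
from requests_oauthlib import OAuth1Session # fades

# Base URL of the MAAS server and the three colon-separated parts of the API key
MAAS_HOST = "http://<MAAS_SERVER_IP>:5240/MAAS"
CONSUMER_KEY, CONSUMER_TOKEN, SECRET = "<API-KEY>".split(":")

# 0-legged OAuth: no consumer secret, requests signed with the PLAINTEXT method
maas = OAuth1Session(CONSUMER_KEY, resource_owner_key=CONSUMER_TOKEN, resource_owner_secret=SECRET, signature_method=SIGNATURE_PLAINTEXT)

# List the machines allocated to this user
nodes = maas.get(f"{MAAS_HOST}/api/2.0/machines/", params={"op": "list_allocated"})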
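
What a PLAINTEXT-signed request actually carries, as an added example (not MAAS project code): it splits an API key and builds the Authorization header by hand, showing that the secret travels in the header unhashed, so only the transport protects it. The function names, the sample key and the host maas.example are assumptions made for illustration; transport_protects_secret is an added check, not something MAAS enforces.

```python
import secrets
import time
from urllib.parse import quote, urlsplit


def parse_api_key(api_key):
    """Split '<consumer_key>:<consumer_token>:<secret>' into its three parts."""
    parts = api_key.strip().split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected '<consumer_key>:<consumer_token>:<secret>'")
    return tuple(parts)


def plaintext_auth_header(api_key, nonce=None, timestamp=None):
    """Build the OAuth 1.0 Authorization header for the PLAINTEXT method."""
    consumer_key, consumer_token, secret = parse_api_key(api_key)
    # RFC 5849 section 3.4.4: signature = enc(consumer_secret) & enc(token_secret).
    # The consumer secret is empty (0-legged OAuth), so only the token secret
    # follows the "&"; nothing is hashed.
    signature = "&" + quote(secret, safe="")
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": consumer_token,
        "oauth_signature_method": "PLAINTEXT",
        "oauth_signature": signature,
        "oauth_nonce": nonce if nonce is not None else secrets.token_hex(16),
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_version": "1.0",
    }
    return "OAuth " + ", ".join(
        f'{name}="{quote(value, safe="")}"' for name, value in params.items()
    )


def transport_protects_secret(url):
    """True only for https URLs: PLAINTEXT gives the secret no other protection."""
    return urlsplit(url).scheme.lower() == "https"


if __name__ == "__main__":
    # Constructed sample key and hypothetical host, not real credentials.
    key = "ck-constructed:tok-constructed:secret-constructed"
    url = "http://maas.example:5240/MAAS/api/2.0/machines/"
    print(plaintext_auth_header(key))
    print("secret protected in transit:", transport_protects_secret(url))
```

Anyone who can read the header in transit or in a proxy log can recover the secret and reuse it, so treat captured Authorization headers as credentials.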


How to perform authenticated requests in Ruby

require 'oauth'
require 'oauth/signature/plaintext'

# Perform a PLAINTEXT-signed GET request against the MAAS API.
def perform_API_request(site, uri, key, secret, consumer_key)
    # 0-legged OAuth: the consumer secret is the empty string
    consumer = OAuth::Consumer.new(
        consumer_key, "",
        { :site => site,
          :scheme => :header, :signature_method => "PLAINTEXT"})
    access_token = OAuth::AccessToken.new(consumer, key, secret)
    return access_token.request(:get, uri)
end

# API key = "<consumer_key>:<key>:<secret>"
response = perform_API_request(
     "http://server:5240/MAAS/api/2.0", "/nodes/?op=list", "<key>", "<secret>",
     "<consumer_key>")
