Authentication Patterns

# Inline
curl -u "$USER:$PASS" https://api.example.com/

# Header (explicit)
curl -H "Authorization: Basic $(echo -n "$USER:$PASS" | base64)" https://api.example.com/

# ISE ERS example
curl -ks -u "$ISE_USER:$ISE_PASS" "https://$ISE_HOST:9060/ers/config/endpoint"

# Direct
curl -H "Authorization: Bearer $TOKEN" https://api.example.com/

# From login response
TOKEN=$(curl -s -X POST https://auth.example.com/token \
  -d "grant_type=client_credentials" \
  -d "client_id=$CLIENT_ID" \
  -d "client_secret=$CLIENT_SECRET" | jq -r '.access_token')

curl -H "Authorization: Bearer $TOKEN" https://api.example.com/resource

# Login and get session ID (Synology)
SID=$(curl -ks "https://$NAS:5001/webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=$USER&passwd=$PASS&format=sid" | jq -r '.data.sid')

# Use session ID in subsequent requests
curl -ks "https://$NAS:5001/webapi/entry.cgi?api=SYNO.Core.System&version=1&method=info&_sid=$SID"

# Logout
curl -ks "https://$NAS:5001/webapi/auth.cgi?api=SYNO.API.Auth&version=1&method=logout&_sid=$SID"

# Login with AppRole
VAULT_TOKEN=$(curl -ks -X POST "$VAULT_ADDR/v1/auth/approle/login" \
  -d "{\"role_id\": \"$ROLE_ID\", \"secret_id\": \"$SECRET_ID\"}" | jq -r '.auth.client_token')

# Use token
curl -ks -H "X-Vault-Token: $VAULT_TOKEN" "$VAULT_ADDR/v1/kv/data/mypath"

# Or set env var
export VAULT_TOKEN
vault kv get kv/mypath

# curl with client cert
curl -ks --cert client.pem --key client.key --cacert ca.pem \
  https://secure-api.example.com/

# ISE pxGrid example
curl -ks --cert pxgrid-client.pem --key pxgrid-client.key \
  "https://$ISE_HOST:8910/pxgrid/anc/getEndpointPolicies"