Werk #16223: Deprecate automation user login via HTTP parameters

Component Setup
Title Deprecate automation user login via HTTP parameters
Date Nov 19, 2023
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.3.0b1
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed

Checkmk offers a method to authenticate individual requests with the _username/_secret parameter. This also works for GET requests and was used for the Webapi (removed in 2.2).

Having secrets in GET parameters is considered bad practice since these parameters are usually logged by webservers and web proxies.

With this Werk we deprecate this authentication method. This means we now introduced a configuration option Enable automation user authentication via HTTP parameters to enable/disable this method. By default it is enabled to not interrupt existing workflows. In Checkmk 2.4 we will disable this by default so it will still be possible to enable this. In Checkmk 2.5 this method will be removed entirely.

If you currently use this method we recommend to switch to Basic Authentication.

To the list of all Werks