cURL

cURL is a command-line tool and application library used to transfer data to or from a server.

cURL is a command-line tool and application library used to transfer data to or from a server. All API requests sent to a Vertica server must be made with HTTPS.

There are four HTTP requests that can be passed using cURL to call API methods:

  • GET: Retrieves data.

  • PUT: Updates data.

  • POST: Creates new data.

  • DELETE: Deletes data.

Syntax

curl https://<NODE>:5444/

Options

The following is a truncated list of options. For a complete list, see the cURL documentation.

-h --help Lists all available options.
-H --header

Specifies custom headers. This is useful for sending a request that requires a Vertica API key.

Example:

$ curl -H "VerticaApiKey: ValidAPIKey" https://<NODE>:5444/
-k --insecure

Connects with TLS without validating the database's server certificate.

Example:

$ curl -k https://<NODE>:5444/
-X --request

Specifies a request type, one of the following:

  • GET (default)

  • PUT

  • POST

  • DELETE

Example:

$ curl -X REQUEST https://<NODE>:5444/

Configuring HTTPS

HTTPS encrypts your connection with TLS. The following procedure enables HTTPS by using the predefined server TLS Configuration. To create a custom TLS Configuration, see TLS configurations.

  1. Generate or import the following according to your use case:

    • Server Mode: server certificate private key, server certificate

    • Mutual Mode: server certificate private key, server certificate, CA certificate(s)

  2. Run the following commands according to your desired configuration. New connections will use TLS.

    • To use Server Mode, set the server certificate for the server TLS Configuration:

      => ALTER TLS CONFIGURATION server CERTIFICATE server_cert;

    • To use Mutual Mode, set a server and CA certificate. This CA certificate is used to verify client certificates:

      => ALTER TLS CONFIGURATION server CERTIFICATE server_cert ADD CA CERTIFICATES ca_cert;

      To use multiple CA certificates, separate them with commas:

      => ALTER TLS CONFIGURATION server CERTIFICATE server_cert
   ADD CA CERTIFICATES intermediate_ca_cert, ca_cert;

  3. Enable TLS (disabled by default). Choose one of the following TLSMODEs, listed in ascending security.

    • DISABLE: Disables TLS. All other options for this parameter enable TLS.

    • ENABLE: Enables TLS. Vertica does not check client certificates.

    • TRY_VERIFY: Establishes a TLS connection if one of the following is true:

      • the client presents a valid certificate

      • the client doesn't present a certificate

      If the client presents an invalid certificate, the connection will use plaintext.

    • VERIFY_CA: Connection succeeds if Vertica verifies that the client certificate is from a trusted CA. If the client does not present a client certificate, the connection uses plaintext.

    TLS Configurations also support the TLSMODE VERIFY_FULL, but this TLSMODE is unsupported for HTTPS and behaves like VERIFY_CA.

    For Server Mode, choose ENABLE:

    => ALTER TLS CONFIGURATION server TLSMODE 'ENABLE';

    For Mutual Mode, choose TRY_VERIFY or higher:

    => ALTER TLS CONFIGURATION server TLSMODE 'VERIFY_CA';

  4. Verify that the HttpsTLSConfig parameters is set to the server TLS Configuration:

    => SHOW CURRENT HttpsTLSConfig;
  level  |      name       | setting
---------+-----------------+---------
 DEFAULT | HttpsTLSConfig  | server
(1 row)

    If not, set the HttpsTLSConfig parameter:

    => ALTER DATABASE DEFAULT SET HttpsTLSConfig = 'server';