REST API command to get the individual user notebook details - Requesting for help

[Praveen Krishnamoorthy]

Hello Everyone,

I'm currently working on a script that should check the status of all notebooks (initiated by different users) inside JupyterHub. I'm trying to achieve this by making REST API calls to the server. At the start the script creates a token for the admin user, adds to the jupyterhub_config.py and makes a REST call to get the list of users.

API command fetch the list of users : curl -XGET -s -k https://localhost:9443/hub/api/users -H "Authorization: token $apitoken " | jq .

Now I'm trying to fetch the notebook details that are initiated by each user.I don't know REST command to use to get these details. I found that  jupyter has REST commands defined in -  https://github.com/jupyter/jupyter/wiki/Jupyter-Notebook-Server-API.

Could any please help me with the REST commands to get the individual notebook details, It would be very helpful ?

Thanks,

Praveen.

[Roland Weber]

Hello Praveen,

each user is running their own notebook server(s). You'll have to connect to each of these servers in turn to query notebook status. But I don't think your admin token will be accepted by those notebook servers.

You could change the authentication logic of the notebook servers to accept an admin token. But if you go down that road, it becomes very easy to inadvertently open up gaping holes in the security architecture. For example, users could inspect the memory of their own notebook servers to extract the admin token, and then access other user's notebook servers with that. You'd have to generate per-user admin tokens in a cryptographically secure way to prevent that kind of attack. Or use a challenge-response authentication scheme with asymmetric cryptography.

Unless someone else can point you to an existing API and authentication architecture that provides what you need, I strongly advise against rolling your own.

cheers,

  Roland