Using a Python script to access MQWEB with JSON Web Tokens

Colin Paice JSON Web Token(JWT), MQ on z/OS, MQWeb, z/OSMF August 11, 2025August 11, 2025 1 Minute

See JWT for my blog post on what JWT are and how they work.

I also gave myself the additional challenge of not saving sensitive information in disk files.

Once I had got the basics working using a Bash script, I used Python as a proper solution, because I could capture the information from the requests much easier.

Overall application

My overall application is

Issue a request to z/OSMF “https://10.1.1.2:10443/zosmf/services/authenticate” to do certificate logon, and return a JWT.
Use the JWT to send a request to MQWEB “https://10.1.1.2:9443/ibmmq/rest/v1/admin/action/qmgr/CSQ9/mqsc” to display MQ information

Python

Get the JWT

#!/usr/bin/env python3
from timeit import default_timer as timer
import ssl

#import time
#import base64
#import json
import sys
from http.client import HTTPConnection  # py3
import requests
import urllib3
# trace the traffic flow
HTTPConnection.debuglevel = 1

my_header = {  'Accept' : 'application/json' }

urllib3.disable_warnings()

geturl = "https://10.1.1.2:10443/zosmf/services/authenticate"

context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

certificate="colinpaice.pem"
key="colinpaice.key.pem"
cpcert=(certificate,key)

jar = requests.cookies.RequestsCookieJar()

caCert='./doczosca.pem'

s = requests.Session()
res = s.post(geturl,headers=my_header,cookies=jar,cert=cpcert,verify=caCert)

if res.status_code != 200:
    print(res.status_code)
#headers = res.headers
#print("Header",type(headers))
#for h in headers:
#    print(h,headers[h])

cookies = res.cookies.get_dict()
token=""
for c in cookies:
    print("cookie",c,cookies[c])
    if c == "jwtToken":
        token = cookies[c]

if token == "" :
    print("No jwtToken cookie returned ")
    sys.exit(8)

Issue the MQ command

print("===========NOW DO MQ ==============")
mqurl="https://10.1.1.2:9443/ibmmq/rest/v1/admin/action/qmgr/CSQ9/mqsc"
tok = "Bearer " + token
mq_header = {
  'Accept' : 'application/json',
  'Authorization' : tok,
  'Content-Type': 'application/json',
  'ibm-mq-rest-csrf-token' : ''
}

data={"type": "runCommand",
       "parameters": {"command": "DIS QMGR ALL"}}

mqres = s.post(mqurl,headers=mq_header,cookies=jar,verify=False,json=data)

print("==MQRES",mqres)
print("mqheader",mqres.headers )
print("mqtext",mqres.text)

sys.exit(0)

Notes:

The authorisation token is created by “Beader ” concatenated from the jwtToken value.
The data is created as json. {“type”: “runCommand”,….}. It needs header ‘Content-Type’: ‘application/json’,

Published by Colin Paice

I retired from IBM where I worked on MQ on z/OS, and did customer stuff. I retired, and keep my hand in with MQ, by playing with it! I'm now an #IBMChampion from my work trying to make z/OS product more usable. View all posts by Colin Paice

Published August 11, 2025August 11, 2025

One thought on “Using a Python script to access MQWEB with JSON Web Tokens”

Pingback: Using a Bash script to access MQWEB with JSON Web Tokens – ColinPaice

Leave a comment Cancel reply