I’m very new to ZeroTier, so it’s quite likely I’m misunderstanding how to use the -T switch. I’m currently trying on Ubuntu 18.04, but I don’t believe that’s relevant.
I believe that the authentication token should be the one that ZeroTier generated when it was first installed. This is located in /var/lib/zerotier-one/authtoken.secret or ~/.zeroTierOneAuthToken on Ubuntu.
There are two kinds of authentication tokens. One authenticates against the ZeroTier service running on your computer. The second authenticates against the external network controller API. The -T flag on the zerotier-cli command is the former local token. You can’t use the API token there.
Users must be authorized from the web UI or via the API as described here and here.
Zerotier-cli does not directly use the management API at all, I believe.
zerotier-one runs in the background on a machine, and is interacted with via a REST API via the zerotier-cli command or the UI tray application. As it’s a REST API, an API key is generated on first start of ZeroTier and that’s what’s used to communicate with the backend. Assuming you’re using an administrator command prompt to use zerotier-cli, there’s nothing you need to do manually to make use of this API key. It’s done automatically.
The API key you generated at https://my.zerotier.com/ is not the same token for the same use. That’s a token for use against the API at https://my.zerotier.com and will not work with zerotier-cli.
Thanks a lot for clarifying, @maxwellfire! I didn’t realize there were 2 separate APIs.
What I was ultimately trying to achieve was to remove the need to authorize the member via the UI. I was hoping there’d be a way to pass an “auth key” of some sort to join a network as an authorized member programmatically.
Reading your reply, I understand that’s not possible.
If you make the proper request to the ZeroTier Central API, then you can add your client ID, and then when you join the network it will be already authorized.
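
The two tokens discussed in this thread, side by side, as an added example that is not part of any reply above and is not ZeroTier's own code: one request goes to the local zerotier-one service with the local token, the other pre-authorizes a member on the controller with the Central API token. Assumptions not stated in the thread: the local service listens on port 9993 and takes the token in an `X-ZT1-Auth` header, the Central base path is `/api/v1` under https://my.zerotier.com, the member endpoint and `token` authorization scheme are as shown, and the network and node IDs are constructed sample values.

```python
import json
import urllib.request
from pathlib import Path

LOCAL_API = "http://127.0.0.1:9993"             # assumed default port of the local service
CENTRAL_API = "https://my.zerotier.com/api/v1"  # assumed base path, check the current API docs

# Paths quoted in the thread for the local service token on Ubuntu.
LOCAL_TOKEN_PATHS = (Path("/var/lib/zerotier-one/authtoken.secret"),
                     Path.home() / ".zeroTierOneAuthToken")


def read_local_token(paths=LOCAL_TOKEN_PATHS):
    """Return the first readable local service token (the value -T expects)."""
    for p in paths:
        try:
            return p.read_text().strip()
        except OSError:  # missing, unreadable without root, or not a file
            continue
    raise FileNotFoundError("no readable local auth token found")


def local_join_request(network_id, local_token):
    """Join request for the local service; the Central token does not work here."""
    return urllib.request.Request(
        f"{LOCAL_API}/network/{network_id}", data=b"{}", method="POST",
        headers={"X-ZT1-Auth": local_token, "Content-Type": "application/json"})


def central_authorize_request(network_id, node_id, central_token):
    """Pre-authorize a member on the controller; the local token does not work here."""
    body = json.dumps({"config": {"authorized": True}}).encode()
    return urllib.request.Request(
        f"{CENTRAL_API}/network/{network_id}/member/{node_id}",
        data=body, method="POST",
        headers={"Authorization": f"token {central_token}",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    nwid, node = "0123456789abcdef", "0123456789"
    for req in (central_authorize_request(nwid, node, "CENTRAL_TOKEN_PLACEHOLDER"),
                local_join_request(nwid, "LOCAL_TOKEN_PLACEHOLDER")):
        # urllib.request.urlopen(req) would send it; omitted so this runs offline.
        print(req.get_method(), req.full_url, sorted(req.headers))
```

The Central token can change membership on every network the account controls, so it belongs on the provisioning host rather than on each node; the local token only controls the one machine it was generated on.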