The FXOS REST API uses a session-based method of authentication, requiring an HTTP
TOKEN
header in order to authenticate each request from an API
client.
All API requests except /api/login
must include this HTTP
TOKEN
header, with the TOKEN
value being the
actual token obtained in the /api/login
response. If the
TOKEN
is not specified in the header, an Authentication Required
error code will be returned by the REST API.
To obtain an authentication token, an API client must execute a POST
/api/login
call with the following HTTP headers: username:
<name_of_user> password: <user_password>
.
Note |
These user credentials must already exist on the chassis, or an Authentication Failed
error will be returned. Also, authentication will fail if the user password is
URL-encoded.
|
A successful /api/login
call will return an HTTP 200 code with this
payload:
{
"refreshPeriod": "string",
"token": "string"
}
For example:
{
"refreshPeriod": "0",
"token": "a205739a4d56359730c08ee7bda559cd6e4dd36ad65bb10a17f71d4cea356028"
}
You must extract this token and include it in the HTTP header when submitting all other
API method requests, and the header field name for the token must be
TOKEN
.
On authentication failure, the API will return an HTTP 400 code with this payload: {
"error-code": "551", "error-description": "Authentication failed", "error-nr":
"unidentified-fail" }
On authorization failure, the API will return an HTTP 400 code with the following payload
when the token is invalid: { "error-code": "552", "error-description": "Authorization
required", "error-nr": "service-unavailable" }
To log out, the client must submit a POST /api/logout
request with this
HTTP header: "TOKEN"= "<authentication_token>"
An HTTP 200 code is returned when a session was found and that session was terminated.
An HTTP 555 code is returned with the following payload when a valid session is not found
for the specified token: { "error-code": "555", "error-description": "Authorization
required", "error-nr": "service-unavailable" }