API authentication difficulties
Hi,
I'm new to this forum, so first of all thank you for allowing me to ask questions here.
I'm working on gathering the inventory of machines through the KACE API. When I'm following the API manual (9), I make the POST through the /ams/shared/api/security/login with the JSON body containing username and password.
I'm using Guzzle, an HTTP client for PHP, which makes life a bit easier than handling through Curl. So, the POST setup looks as follows:
$response = $client->post('ams/shared/api/security/login', [
    'json' => [
        'password' => 'my_password',
        'userName' => 'my_username'
    ],
    'headers' => [
        'Accept' => 'application/json',
        'Content-Type' => 'application/json',
        'x-dell-api-version' => '9'
    ]
]);
This goes well and I get a header with 'x-dell-csrf-token' and the value, still good so far.
Now I want to do an inventory request, by using: GET api/inventory/machines/
Before that, the API doc says to set the header in the request to 'x-dell-csrf-token' and the value you received before. That's what I'm doing:
use GuzzleHttp\Psr7\Request;

// The third argument of Request is the header array itself, not an options array.
$request = new Request('GET', 'api/inventory/machines/', [
    'Accept' => 'application/json',
    'Content-Type' => 'application/json',
    'x-dell-api-version' => '9',
    'x-dell-csrf-token' => $CSRF_Cookie
]);
$client->send($request);
However, no matter what I try, I either get "Invalid token" or 401 unauthorized answer....
I tried everything. I wrote the complete code with Curl, added headers, added also the BEARER token in the header, nothing seems to work...
I have no clue how to fix this? Maybe someone can assist with this?
Thank you in advance!
/Jasper
Authentication output, first output is the headers the script receives back after the login, including the x-dell-csrf-token. The second output, is the GET request with the header set....error not logged in:
Answers (2)
Top Answer
You need to put your hand in the cookie jar. :-)
The example below will require you to change or remove autoloader and change the IP to match your environment.
Comments:
- My god! I spent so many hours to get this working. And it was the COOKIES! Thanks VERY much Kevin! P.S. This was not mentioned in the API reference, or? The API was just mentioning to send the GET request including the x-dell-csrf-token header.... - jdejong 5 years ago
- The API reference doc is, unfortunately, not great. - JasonEgg 4 years ago
- I know this is somewhat old, I am trying to do this from ServiceNow. I found this thread which helped me know that I needed to use the cookies in my header for follow-up GETs, however, my cookies all end with path=/; HttpOnly or some variation. For it to work with ServiceNow, I need to strip all of that out and simply have the initial cookie value returned for each item, without the extra stuff at the end. If that stuff is included, then the error I get is: {"errorCode":-1,"errorDescription":"Invalid CSRF Token"}
  Or figure out how to make it be ok with those items in the cookie - mpayerle 4 years ago
<?php
// Step 1: log in. The response carries the CSRF token header and the session cookies.
$data = array("password" => 'xxxxxxxxx', "userName" => "xxxxxxx", "organizationName" => "default");
$data_string = json_encode($data);
$ch = curl_init('https://xxxxxxx/ams/shared/api/security/login');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-Type: application/json', 'x-dell-api-version: 8'));
// The password and session cookies cross this connection, so certificate checks stay on.
// For a self-signed appliance certificate, point CURLOPT_CAINFO at its PEM file.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_HEADER, true); // return the response headers along with the body
$output = curl_exec($ch);
if ($output === false) {
    exit('Login request failed: ' . curl_error($ch) . "\n");
}
curl_close($ch);
unset($ch);

// Step 2: pull the token and the cookies out of the response headers.
// Header names are matched case-insensitively (HTTP/2 sends them in lower case).
$lines = explode("\n", $output);
$token = '';
$cookie1 = ''; // initialised here because it is appended to below
foreach ($lines as $l) {
    $l = trim($l);
    if (stripos($l, 'x-dell-csrf-token:') === 0) {
        $token = explode(":", $l, 2);
        $token = trim($token[1]);
    }
}
foreach ($lines as $l) {
    $l = trim($l);
    if (stripos($l, 'Set-Cookie:') === 0) {
        $cook1 = explode(":", $l, 2);
        $cook2 = trim($cook1[1]);
        $cook3 = explode(";", $cook2); // split off attributes such as path=/; HttpOnly
        $cook4 = trim($cook3[0]);       // keep only name=value
        $cookie1 .= $cook4 . '; ';
    }
}
$cookie = rtrim($cookie1, '; '); // drop the trailing separator

// Step 3: send the token header and the cookies together on the follow-up request.
$ch = curl_init('https://xxxxxxx/api/asset/assets/284995');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-Type: application/json', 'x-dell-api-version: 8', 'x-dell-csrf-token: ' . $token, 'Cookie: ' . $cookie));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$buf2 = curl_exec($ch);
echo $buf2;
curl_close($ch);
?>
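The cookie jar the top answer points to, sketched with Guzzle as an added example (not code from this thread or from KACE): with `'cookies' => true` the client keeps the login response's `Set-Cookie` values and replays only the `name=value` pairs, so attributes such as `path=/; HttpOnly` never reach the `Cookie` header. The host, cookie names, token and mocked responses are constructed so the script runs without an appliance; it assumes Guzzle is installed through Composer.

```php
<?php
// Added example: host, cookie names and token below are constructed values.
require 'vendor/autoload.php'; // assumes Guzzle was installed with Composer

use GuzzleHttp\Client;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;

// Mocked appliance: a login reply with token + cookies, then an inventory reply.
$mock = new MockHandler([
    new Response(200, [
        'x-dell-csrf-token' => 'constructed-csrf-token',
        'Set-Cookie' => [
            'session_a=constructed-a; path=/; HttpOnly',
            'session_b=constructed-b; path=/; secure; HttpOnly',
        ],
    ], '{}'),
    new Response(200, [], '{}'),
]);

$sent = [];                                // filled by the history middleware
$stack = HandlerStack::create($mock);      // default stack includes cookie handling
$stack->push(Middleware::history($sent));  // records each request as it goes out

$client = new Client([
    'base_uri' => 'https://kace.example/',
    'handler'  => $stack,
    'cookies'  => true, // one shared cookie jar for every request on this client
    'headers'  => ['Accept' => 'application/json', 'x-dell-api-version' => '9'],
]);

// Login: the jar captures Set-Cookie; the token still has to be read by hand.
$login = $client->post('ams/shared/api/security/login', [
    'json' => ['userName' => 'my_username', 'password' => 'my_password'],
]);
$token = $login->getHeaderLine('x-dell-csrf-token');

// Follow-up: pass the token header; the jar adds the Cookie header itself.
$client->get('api/inventory/machines/', [
    'headers' => ['x-dell-csrf-token' => $token],
]);

// Show what the second request carried: name=value pairs only, plus the token.
$second = $sent[1]['request'];
echo 'Cookie: ', $second->getHeaderLine('Cookie'), "\n";
echo 'x-dell-csrf-token: ', $second->getHeaderLine('x-dell-csrf-token'), "\n";
```

Against a real appliance, drop the `handler` entry and set `base_uri` to the appliance address; the jar works the same way.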