/build/static/layout/Breadcrumb_cap_w.png

KACE API Unauthorized/Forbidden Errors

Does anyone know if an active support license is needed for interaction with the KACE API?

After hours of working with it I finally managed to grab the much-needed csrf token using the code below.

I'm able to authenticate using a user and get the csrf token back, though I have to retrieve the csrf token via returned web session cookies and don't see it in the header or body response of the first API POST authentication call.

However, when making any subsequent requests with the modified headers that include the csrf token, I get "Unauthorized" or "Forbidden" errors for each call.

Any input would be welcome! API inventory has been enabled in System Security preferences.

$Url = "https://k1000/ams/shared/api/security/login"

$headers = @{

Accept = 'application/json'
'Content-Type' = 'application/json'
'x-dell-api-version'= '8'

}


#DECLARE TLS 1.2 as apparently CP API past Server version 5.3.1 (on 6.7 at time of writing)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


$Body = @{
userName = 'username'
password = ''
organizationName = 'Workstations'
} | convertto-json

$response=Invoke-RestMethod $Url -Method Post -Headers $headers -Body $Body -ContentType 'application/json' -SessionVariable websession

$cookies = $websession.Cookies.GetCookies($url)

#get cookie
$csrf_token=$($($cookies | Select-String "KACE_CSRF_TOKEN").ToString()).Split("=")[1]

$headers2 = @{

Accept = 'application/json'
'Content-Type' = 'application/json'
organizationName = 'Workstations'
'x-dell-api-version'= '8'
'x-dell-csrf-token'= $csrf_token

}

$url2='https://k1000/api/asset/assets'

Invoke-RestMethod $url2 -Method Get -Headers $headers2 -ContentType 'application/json'



0 Comments   [ + ] Show comments

Answers (2)

Answer Summary:
Posted by: AbhayR 6 years ago
Red Belt
0

Top Answer

You are missing "-WebSession $websession" parameter in the 2nd Invoke-RestMethod call. That will carry the web-session between the 2 REST Calls.


Comments:
Posted by: isudothings 5 years ago
Senior Purple Belt
0

I have a powershell module for interacting with the API, which will simplify most of this.


https://github.com/artvandelay440/KaceSMA

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ