KACE API Unauthorized/Forbidden Errors
Does anyone know if an active support license is needed for interaction with the KACE API?
After hours of working with it I finally managed to grab the much-needed csrf token using the code below.
I'm able to authenticate using a user and get the csrf token back, though I have to retrieve the csrf token via returned web session cookies and don't see it in the header or body response of the first API POST authentication call.
However, when making any subsequent requests with the modified headers that include the csrf token, I get "Unauthorized" or "Forbidden" errors for each call.
Any input would be welcome! API inventory has been enabled in System Security preferences.

$Url = "https://k1000/ams/shared/api/security/login"
$headers = @{
    Accept               = 'application/json'
    'Content-Type'       = 'application/json'
    'x-dell-api-version' = '8'
}
#DECLARE TLS 1.2 as apparently CP API past Server version 5.3.1 (on 6.7 at time of writing)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$Body = @{
    userName         = 'username'
    password         = ''
    organizationName = 'Workstations'
} | ConvertTo-Json
$response = Invoke-RestMethod $Url -Method Post -Headers $headers -Body $Body -ContentType 'application/json' -SessionVariable websession
$cookies = $websession.Cookies.GetCookies($url)
#get cookie
$csrf_token = $($($cookies | Select-String "KACE_CSRF_TOKEN").ToString()).Split("=")[1]
$headers2 = @{
    Accept               = 'application/json'
    'Content-Type'       = 'application/json'
    organizationName     = 'Workstations'
    'x-dell-api-version' = '8'
    'x-dell-csrf-token'  = $csrf_token
}
$url2 = 'https://k1000/api/asset/assets'
Invoke-RestMethod $url2 -Method Get -Headers $headers2 -ContentType 'application/json'

Answers (2)
Top Answer
You are missing the "-WebSession $websession" parameter in the 2nd Invoke-RestMethod call. That will carry the web session between the 2 REST calls.
Comments:
- brilliant! this fixed. thank you. - cjohnson@pandora.com 6 years ago
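
The fix from the top answer, as an added example that is not part of the original thread: the login call's cookie jar and the CSRF header are returned together so every later request sends both. The function names Get-KaceCsrfToken and Connect-Kace are hypothetical; the host, paths, header names and cookie name are the ones in the question, and the credential is prompted for rather than stored in the script.

```powershell
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Get-KaceCsrfToken {
    # Read the token from the cookie object by name rather than splitting "name=value" text.
    param(
        [Parameter(Mandatory)] [Microsoft.PowerShell.Commands.WebRequestSession] $WebSession,
        [Parameter(Mandatory)] [uri] $Uri
    )
    $cookie = $WebSession.Cookies.GetCookies($Uri) | Where-Object Name -eq 'KACE_CSRF_TOKEN'
    if (-not $cookie) { throw "No KACE_CSRF_TOKEN cookie in the session for $Uri" }
    $cookie.Value
}

function Connect-Kace {
    # Log in once and return the two things every later call needs.
    param(
        [Parameter(Mandatory)] [string] $BaseUrl,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Organization
    )
    $headers = @{ Accept = 'application/json'; 'x-dell-api-version' = '8' }
    $body = @{
        userName         = $Credential.UserName
        password         = $Credential.GetNetworkCredential().Password
        organizationName = $Organization
    } | ConvertTo-Json
    $loginUrl = "$BaseUrl/ams/shared/api/security/login"
    Invoke-RestMethod $loginUrl -Method Post -Headers $headers -Body $body `
        -ContentType 'application/json' -SessionVariable session | Out-Null
    $headers['x-dell-csrf-token'] = Get-KaceCsrfToken -WebSession $session -Uri $loginUrl
    # WebSession holds the cookies set at login; Headers holds the CSRF token.
    [pscustomobject]@{ WebSession = $session; Headers = $headers }
}

# Offline check with a constructed session and token value (no appliance needed).
$demo = [Microsoft.PowerShell.Commands.WebRequestSession]::new()
$demo.Cookies.Add([uri]'https://k1000/', [System.Net.Cookie]::new('KACE_CSRF_TOKEN', 'constructed-token'))
Get-KaceCsrfToken -WebSession $demo -Uri 'https://k1000/ams/shared/api/security/login'

# Against the appliance: pass BOTH the headers and the web session on every call.
# $k = Connect-Kace -BaseUrl 'https://k1000' -Credential (Get-Credential) -Organization 'Workstations'
# Invoke-RestMethod 'https://k1000/api/asset/assets' -Method Get -Headers $k.Headers -WebSession $k.WebSession
```

A 401 or 403 on a follow-up request with a valid-looking token is worth checking against this first: confirm the request actually carried the cookies from the login response, not just the x-dell-csrf-token header.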