API Guide
X-Auth-Token authentication
X-Auth-Token Authentication provides a more secure implementation. To establish a session, perform a POST operation on the SessionService REST API.
POST https://[ IP Address ]/api/SessionService/Sessions
Input
{
    "UserName": "root",
    "Password": "linux",
    "SessionType": "API"
}
The X-Auth-Token is available in the header that is returned.
connection →Keep-Alive
content-length →268
content-type →application/json; odata.metadata=minimal
date →Tue, 05 Sep 2017 11:55:29 GMT
keep-alive →timeout=5, max=150
location →/api/SessionService/Sessions('e1817fe6-97e5-4ea0-88a9-d865c7302152')
odata-version →4.0
server →Apache
x-auth-token →13bc3f63-9376-44dc-a09f-3a94591a7c5d
x-frame-options →DENY
Send this X-Auth-Token in the header of subsequent REST operations to authenticate the user.
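The session flow above as a small client, added here as an example and not taken from the guide or the product's own code. The function names, the ca_file parameter and the OME_* environment variable names are assumptions; the endpoint path, request body fields and header names are the ones shown above.

```python
import json
import os
import ssl
import urllib.request

SESSIONS_PATH = "/api/SessionService/Sessions"  # endpoint path from the guide


def build_session_request(host, username, password):
    """Build (but do not send) the POST that creates an API session."""
    body = json.dumps({"UserName": username, "Password": password,
                       "SessionType": "API"}).encode()
    return urllib.request.Request(
        f"https://{host}{SESSIONS_PATH}", data=body, method="POST",
        headers={"Content-Type": "application/json"})


def parse_session_headers(headers):
    """Return (token, session_location); header names are case-insensitive."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    token = lowered.get("x-auth-token")
    if not token:
        raise ValueError("response carries no X-Auth-Token header")
    return token, lowered.get("location")


def auth_headers(token):
    """Headers to attach to every subsequent REST operation."""
    return {"X-Auth-Token": token, "Accept": "application/json"}


def redact(token):
    """The token is a bearer credential: log only a short prefix."""
    return token[:4] + "..." if token else "<none>"


def login(host, username, password, ca_file=None):
    """Create a session over verified TLS (ca_file is a hypothetical CA bundle path)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # checks certificate and hostname
    req = build_session_request(host, username, password)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_session_headers(dict(resp.headers.items()))


if __name__ == "__main__":
    # Credentials come from the environment (assumed variable names), not from source.
    token, location = login(os.environ["OME_HOST"], os.environ["OME_USER"],
                            os.environ["OME_PASSWORD"], os.environ.get("OME_CA"))
    print("session:", location, "token:", redact(token))
```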
Authorization
Table 2. Authentication and authorization requirements
Actions                                      Authentication required   Authorization required
Read operation on any instrumentation data   Y                         Y
Modify instrumentation data                  Y                         Y
Invoke actions                               Y                         Y
View service root                            N                         N
View metadata document                       N                         N
View OData service document                  N                         N
View message registry                        Y                         N
View Redfish version URI                     N                         N
View JSONSchemaFile resource URI             N/A                       N/A
View JSON schemas URI                        N/A                       N/A
OME - Modular
Table 3. Role descriptions OME - Modular
Role               Description
VIEW               View all data, report execution and management, and so on.
APPLIANCE_SETUP    Global appliance/OME - Modular settings that involve setup of the appliance.
SECURITY_SETUP     User management, security policies, proxy, and firewall setup.
MONITORING_SETUP   Alerting policies, forwarding, SupportAssist, and so on.
POWER_CONTROL      Reboot or power-cycle device.