Manualshelf

Extreme API with Python

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesWired and wireless orchestration for campus and IoT networks
11121314151617181920
Table Of Contents
Extreme API with Python
Page | 12
Part no.9036931-00 Rev AA February 2021
The result is shown below:
C:\Extreme API with Python> headers-example.py
Headers sent: {'User-Agent': 'python-requests/2.22.0', 'Accept-Encoding':
'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'content-type':
'application/json', 'x-auth-token': 'c3RlZjpleHRyZW1l'}
Headers received: {'Date': 'Sun, 14 Jun 2020 15:03:53 GMT', 'Content-Type':
'application/json', 'Content-Length': '390', 'Connection': 'keep-alive',
'Server': 'gunicorn/19.9.0', 'Access-Control-Allow-Origin': '*', 'Access-
Control-Allow-Credentials': 'true'}
2.3 Authentication and Authorization
Most APIs will ask for some form of authentication or authorization before granting access to data.
Some form of authentication will be necessary even when you are accessing public data.
Because HTTP is stateless, this is a key aspect of HTTP transport . Being stateless means a server, API,
has no idea who is requesting/sending data for every transaction. So, if that data is not public,
authentication/authorization information must be sent in every request. As you cannot expect to type
your login/password for every CALL, there’s a need to have an alternate way to manage that
authentication process.
As a quick reminder, although authentication and authorization are related, they are different concepts.
Authentication validates who you are, to give you access to what belongs to your profile, while
authorization is more about what data you can access.
The most common authentication methods include Basic, Bearer, API key, and OAuth.
Several other methods exist, and some are standardized.
http://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
These methods are described in the following sections.
2.3.1 Basic Authentication
Basic authentication is a classic and is well-defined with HTTP. These are the usual login and password
credentials that you provide when identifying yourself to the API. These credentials are stored in the
authorization portion of the HTTP headers. The credentials are not sent in plain text but are encoded in
base64. Because this encoding mechanism is not an encryption, the best practice is to use it only with
HTTPS.
2.3.2 Bearer Authentication
This method is also called token authentication and involves security tokens called bearer tokens. The
name can be understood as “give access to the bearer of this token”. The token is a cryptic string
generated by the server in response to a login request, and is sent in the authorization headers. The