Reference Guide
3
Authentication Headers
All API requests require 3 custom HTTP headers for authentication.
• X-dell-auth-key
• X-dell-auth-signature
• X-dell-auth-timestamp
In order to compute the authentication headers, first a REST call must be made to the /Authenticate
endpoint. The Full URI is /Api/V1/Authenticate.
This call must be a POST request supplying either an XML or JSON payload. For illustration, the XML
payload will follow the structure below providing the user name and password:
<AuthenticateRequest>
<userName>admin</userName>
<domain>ASMLOCAL</domain>
<password>abc123</password>
</AuthenticateRequest>
This call must be a POST request supplying either an XML or JSON payload. For illustration, the XML
payload will follow the structure below providing the user name and password:
Depending on the Accept header, the response will contain either an XML or JSON payload. For
illustration we show the XML version:
<AuthenticateResponse>
<userName>admin</userName>
<domain>ASMLOCAL</domain>
<role>Administrator</role>
<apiKey>34b3577f7c3c03174a9a506b</apiKey>
<apiSecret>9a6d9692ba64142e6a1934f9be994f3b0ae63959a6132c8b</apiSecret>
</AuthenticateResponse>
The returned apiKey and apiSecret from the XML response above will then be used to generate the
security headers. The method is to concatenate 5 values and then compute a digest using the apiSecret
from above. For illustration, a Ruby implementation of the generated headers is shown. This relies on the
base64 and openssl gems to compute the signature and is extracted from the supplied Ruby ASM module
discussed further in Appendix C.
apiKey = '34b3577f7c3c03174a9a506b'
apiSecret = '9a6d9692ba64142e6a1934f9be994f3b0ae63959a6132c8b'
timestamp = Time.now.to_i.to_s
# Concatenate the following values
requestString = "%s:%s:%s:%s:%s" %
[apiKey,httpMethod,uriPath,userAgent,timestamp]
# Compute a digest on concatenated string using apiSecret
hash_str = OpenSSL::HMAC.digest('sha256',apiSecret,requestString)
signature = Base64.strict_encode64(hash_str)
11