API Guide

Authentication Headers

All API requests require 3 custom HTTP headers for authentication.

• X-dell-auth-key

• X-dell-auth-signature

• X-dell-auth-timestamp

In order to compute the authentication headers, rst a REST call must be made to the /Authenticate endpoint. The Full URI

is /Api/V1/Authenticate.

This call must be a POST request supplying either an XML or JSON payload. For illustration, the XML payload will follow the

structure below providing the user name and password:

<userName>admin</userName>

<domain>ASMLOCAL</domain>

</AuthenticateRequest>

This call must be a POST request supplying either an XML or JSON payload. For illustration, the XML payload will follow the

structure below providing the user name and password:

Depending on the Accept header, the response will contain either an XML or JSON payload. For illustration we show the XML

version:

<userName>admin</userName>

<domain>ASMLOCAL</domain>

<role>Administrator</role>

</AuthenticateResponse>

The returned apiKey and apiSecret from the XML response above will then be used to generate the security headers. The method is

to concatenate 5 values and then compute a digest using the apiSecret from above. For illustration, a Ruby implementation of the

generated headers is shown. This relies on the base64 and openssl gems to compute the signature and is extracted from the

supplied Ruby ASM module discussed further in Appendix C.

apiKey = '34b3577f7c3c03174a9a506b'

apiSecret = '9a6d9692ba64142e6a1934f9be994f3b0ae63959a6132c8b'

timestamp = Time.now.to_i.to_s

# Concatenate the following values

requestString = "%s:%s:%s:%s:%s" % [apiKey,httpMethod,uriPath,userAgent,timestamp]

# Compute a digest on concatenated string using apiSecret

hash_str = OpenSSL::HMAC.digest('sha256',apiSecret,requestString)

signature = Base64.strict_encode64(hash_str)

headers['x-dell-auth-key'] = apiKey

headers['x-dell-auth-signature'] = signature

headers['x-dell-auth-timestamp'] = timestamp