API Guide

Basic authentication: In this method, the user name and password are provided with each Redfish API request.
Session-based authentication: This method is used when issuing multiple Redfish operation requests.
Session login is initiated by accessing the Create session URI. The response to this request includes an X-Auth-Token header with a session token. Subsequent requests are authenticated using the X-Auth-Token header.
Session logout is performed by issuing a DELETE of the Session resource provided by the Login operation, including the X-Auth-Token header.
NOTE: The iDRAC firmware incorporates the concept of application sessions for various existing interfaces such as the
web interface, WSMan, and RACADM. With the introduction of Redfish-specific sessions, Redfish inherits the
characteristics of web server sessions and the property Session Timeout inherits the web server session timeout value.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 or later.
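The session login, authenticated request and logout sequence described above, as an added example that is not Dell's code. It assumes the DMTF-standard session URI /redfish/v1/SessionService/Sessions and a Location response header that names the new Session resource, neither of which this page spells out; MockService is a constructed stand-in that lets the script run offline over loopback HTTP, whereas a real service is reached over HTTPS.

```python
import json, secrets, threading, urllib.request, http.server
SESSIONS_URI = "/redfish/v1/SessionService/Sessions"  # assumed DMTF path, not from this page

class RedfishSession:  # login on entry, X-Auth-Token on every request, logout on exit
    def __init__(self, base, user, password):
        self.base, self.auth, self.creds = base, {}, {"UserName": user, "Password": password}
        self.opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxy
    def call(self, method, path, body=None):
        headers = {"Content-Type": "application/json", **self.auth}
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(self.base + path, data, headers, method=method)
        with self.opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers
    def __enter__(self):
        _, hdrs = self.call("POST", SESSIONS_URI, self.creds)
        self.auth = {"X-Auth-Token": hdrs["X-Auth-Token"]}
        self.location = hdrs["Location"]  # assumption: path of the new Session resource
        return self
    def __exit__(self, *exc):
        # Runs even when the body raised, so no session is left open on the BMC.
        self.call("DELETE", self.location)
        self.auth = {}

class MockService(http.server.BaseHTTPRequestHandler):  # constructed stand-in, offline only
    live = {}  # Session resource path -> token
    def log_message(self, *args): pass
    def reply(self, code, headers=()):
        self.send_response(code)
        for name, value in (*headers, ("Content-Length", "0")):
            self.send_header(name, value)
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers["Content-Length"]))  # mock accepts any credentials
        token, path = secrets.token_hex(16), f"{SESSIONS_URI}/{len(self.live) + 1}"
        self.live[path] = token
        self.reply(201, [("X-Auth-Token", token), ("Location", path)])
    def do_GET(self):
        self.reply(200 if self.headers.get("X-Auth-Token") in self.live.values() else 401)
    def do_DELETE(self):
        owns = self.live.get(self.path, "") == self.headers.get("X-Auth-Token")
        if owns: del self.live[self.path]
        self.reply(204 if owns else 401)

def demo():
    srv = http.server.HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    with RedfishSession(f"http://127.0.0.1:{srv.server_port}", "user", "pass") as s:
        seen = s.call("GET", "/redfish/v1/Systems")[0], len(MockService.live)
    srv.shutdown()
    return (*seen, len(MockService.live))  # status, sessions during, sessions after
```

Calling demo() runs the whole exchange against the mock; the context manager is what guarantees the DELETE is sent even if a request inside the block fails.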
Roles and privileges
To allow different levels of access to Redfish services, you can create user accounts with specific roles. The following table lists the roles
and the privileges assigned to them:
Table 2. Roles and privileges
Role | Assigned privileges | OEM privileges
Administrator | Login, ConfigureComponents, ConfigureManager, ConfigureSelf, ConfigureUsers | ClearLogs, AccessVirtualConsole, AccessVirtualMedia, TestAlerts, ExecuteDebugCommands
Operator | Login, ConfigureComponents, ConfigureSelf | -
ReadOnly | Login | -
iDRAC licensing
Redfish support is included in all license types of iDRAC. However, some of the iDRAC features require specific licenses. If a required
license is not present, certain Redfish APIs may not be accessible and return an HTTP 403 status code. A 403 status implies that there are
insufficient privileges. In other cases, some of the properties in certain resources may not be returned in a response. The service may also
return errors when such properties are modified. For information about specific license requirements for the resources, see Redfish resources
on page 17.
HTTP methods
The REST API allows you to specify the type of request. It adheres to the Create, Retrieve, Update, and Delete (CRUD) standard format.
The data is generated by accessing URIs using the following HTTP methods:
GET
HEAD
POST
PUT
PATCH
DELETE
GET
Use the GET method to retrieve a representation of a resource. The representation can either be a single resource or a collection.
Depending on the media type, the service returns the resource representation by using one of the media types specified in the Accept