/build/static/layout/Breadcrumb_cap_w.png

API authentication difficulties

Hi, 

I'm new to this forum, so first of all thank you for allowing me to ask questions here. 

I'm working on gathering the inventory of machines through the KACE api. When I'm following the API manual (9), I make the POST through the /ams/shared/api/security/login with the json-body containing username and password. 

I'm using GUZZLE, a HTTPclient for php, which makes life a bit easier than handling through Curl. So, the Post setup looks as follow: 

$response = $client->post( 'ams/shared/api/security/login', [

    'json'    => [

'password' => 'my_password',

'userName' => 'my_username'

],

'headers' => [

'Accept' => 'application/json',

'Content-Type' => 'application/json',

'x-dell-api-version' =>  '9'

    ]

]); 

This goes well and I get a header with 'x-dell-csrf-token' and the value, still good so far.

Now I want to do an inventory request, by using: GET api/inventory/machines/

Before that, the API doc says to set the header in the request to 'x-dell-csrf-token' and the value you received before. That's what I'm doing: 


$request = new Request('GET','api/inventory/machines/',[

'headers' => [

'Accept' => 'application/json',

'Content-Type' => 'application/json',

'x-dell-api-version' => '9',

'x-dell-csrf-token' => $CSRF_Cookie

]);

$client->send($request);

However, no matter what I try, I either get "Invalid token" or 401 unauthorized answer....

I tried everything. I wrote the complete code with Curl, added headers, added also the BEARER token in the header, nothing seems to work...

I have no clue how to fix this? Maybe someone can assist with this?

Thank you in advance!

/Jasper

Authentication output, first output is the headers the script receives back after the login, including the x-dell-csrf-token. The second output, is the GET request with the header set....error not logged in: 


Asked 4 years ago 565 views
0 Comments   [ + ] Show comments

Answers (2)

Answer Summary:
Posted by: KevinG 4 years ago
Red Belt
2

Top Answer

You need to put your hand in the cookie jar.  :-)

The example below will require you to change or remove autoloader and change the IP  to match your environment.


<?php

require __DIR__ . '/vendor/autoload.php';

$client = new GuzzleHttp\Client();
$jar = new \GuzzleHttp\Cookie\CookieJar;


 $res = $client->request('POST','http://192.168.1.110/ams/shared/api/security/login', [
                            'json'    => ['userName' => 'admin',
                                          'password' => 'password',
                                          'organizationName' => 'Default'],
                            'headers' => ['Content-Type' => 'application/json',
                                          'Accept' => 'application/json',
                                          'x-dell-api-version' => '5'],
                            'cookies' => $jar

]);

$token = $res->getHeaderLine('X-DELL-CSRF-TOKEN');

$res = $client->request('GET','http://192.168.1.110/api/inventory/machines/', [
                            'headers' => [  'Content-Type' => 'application/json',
                                            'Accept' => 'application/json',
                                            'x-dell-api-version' => '5',
                                            'X-DELL-CSRF-TOKEN' => $token ],
                             'cookies' => $jar

]);

$body = $res->getBody();
// Implicitly cast the body to a string and echo it
echo $body;

Comments:
  • My god! I spent so many hours to get this working. And it was the COOKIES! Thanks VERY much Kevin! ps. This was not mentioned in the API reference or? The api was just mentioning to send the GET request including the x-dell-csrf-token header.... - jdejong 4 years ago
    • The API reference doc is, unfortunately, not great. - JasonEgg 4 years ago
    • I know this is somewhat old, I am trying to do this from ServiceNow. I found this thread which helped me know that I needed to use the cookies in my header for follow up gets, however, my cookies all end with path=/; HttpOnly or some variation. For it to work with ServiceNow, I need to strip all of that out and simply have the initial cookie value returned for each item, without the extra stuff at the end. if that stuff is included, then the error I get is: {"errorCode":-1,"errorDescription":"Invalid CSRF Token"}
      Or figure out how to make it be ok with those items in the cookie - mpayerle 3 years ago
Posted by: mbirkess 3 years ago
White Belt
1
<?php
$data = array("password" => 'xxxxxxxxx', "userName" => "xxxxxxx", "organizationName" => "default" );
$data_string = json_encode($data);
$ch = curl_init('https://xxxxxxx/ams/shared/api/security/login');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json','x-dell-api-version: 8'));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_HEADER, true);
$output = curl_exec($ch);
$lines = explode("\n",$output);
$out = array();
$headers = true;
foreach ($lines as $l)
    {
        $l = trim($l);
        if (strpos($l, 'x-dell-csrf-token:') !== FALSE)
        {
            $token = explode(": ","$l");
            $token = trim($token[1]);
        }
    }   
foreach ($lines as $l)
    {
        $l = trim($l);
        if (strpos($l, 'Set-Cookie:') !== FALSE)
        {
            $cook1 = explode(": ","$l");
            $cook2 = trim($cook1[1]);
            $cook3 = explode(";","$cook2");
            $cook4 = trim($cook3[0]);
            $cookie1 .= $cook4.'; ';
        }
    }  
$cookie2 = trim($cookie1);
$cookie = substr_replace($cookie2, "", -1);
curl_close ($ch);
unset($ch);
$ch = curl_init('https://xxxxxxx/api/asset/assets/284995');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json','x-dell-api-version: 8','x-dell-csrf-token: '.$token.'','Cookie: '.$cookie.''));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$buf2 = curl_exec ($ch);
echo $buf2;
curl_close ($ch);
?>
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ