Scripting Question


API authentication difficulties

09/17/2019 177 views

Hi, 

I'm new to this forum, so first of all thank you for allowing me to ask questions here. 

I'm working on gathering the inventory of machines through the KACE api. When I'm following the API manual (9), I make the POST through the /ams/shared/api/security/login with the json-body containing username and password. 

I'm using GUZZLE, an HTTP client for PHP, which makes life a bit easier than handling this through Curl. So, the POST setup looks as follows:

$response = $client->post('ams/shared/api/security/login', [
    'json' => [
        'password' => 'my_password',
        'userName' => 'my_username'
    ],
    'headers' => [
        'Accept' => 'application/json',
        'Content-Type' => 'application/json',
        'x-dell-api-version' => '9'
    ]
]);

This goes well and I get a header with 'x-dell-csrf-token' and the value, still good so far.

Now I want to do an inventory request, by using: GET api/inventory/machines/

Before that, the API doc says to set the header in the request to 'x-dell-csrf-token' and the value you received before. That's what I'm doing: 


$request = new Request('GET', 'api/inventory/machines/', [
    'headers' => [
        'Accept' => 'application/json',
        'Content-Type' => 'application/json',
        'x-dell-api-version' => '9',
        'x-dell-csrf-token' => $CSRF_Cookie
    ]
]);

$client->send($request);

However, no matter what I try, I either get "Invalid token" or 401 unauthorized answer....

I tried everything. I wrote the complete code with Curl, added headers, added also the BEARER token in the header, nothing seems to work...

I have no clue how to fix this? Maybe someone can assist with this?

Thank you in advance!

/Jasper

Authentication output, first output is the headers the script receives back after the login, including the x-dell-csrf-token. The second output, is the GET request with the header set....error not logged in: 



Answer Chosen by the Author

2

You need to put your hand in the cookie jar.  :-)

The example below will require you to change or remove autoloader and change the IP to match your environment.


<?php

require __DIR__ . '/vendor/autoload.php';

$client = new GuzzleHttp\Client();
// One cookie jar shared by both requests, so the cookie set at login is sent back
$jar = new \GuzzleHttp\Cookie\CookieJar;

// Log in: the response carries the CSRF token header and fills $jar
$res = $client->request('POST', 'http://192.168.1.110/ams/shared/api/security/login', [
    'json'    => ['userName' => 'admin',
                  'password' => 'password',
                  'organizationName' => 'Default'],
    'headers' => ['Content-Type' => 'application/json',
                  'Accept' => 'application/json',
                  'x-dell-api-version' => '5'],
    'cookies' => $jar
]);

$token = $res->getHeaderLine('X-DELL-CSRF-TOKEN');

// Send the CSRF token header together with the same cookie jar
$res = $client->request('GET', 'http://192.168.1.110/api/inventory/machines/', [
    'headers' => ['Content-Type' => 'application/json',
                  'Accept' => 'application/json',
                  'x-dell-api-version' => '5',
                  'X-DELL-CSRF-TOKEN' => $token],
    'cookies' => $jar
]);

$body = $res->getBody();
// Implicitly cast the body to a string and echo it
echo $body;

Answered 09/17/2019 by: KevinG
Fourth Degree Green Belt

  • My god! I spent so many hours to get this working. And it was the COOKIES! Thanks VERY much Kevin! ps. This was not mentioned in the API reference or? The api was just mentioning to send the GET request including the x-dell-csrf-token header....
    • The API reference doc is, unfortunately, not great.
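
A minimal model of why the token header alone is rejected, added here as an illustration and not taken from the thread or from the KACE appliance: it assumes the server stores the CSRF token against the session that the login cookie identifies. The cookie name `session`, the credentials, the 403 status and the response body are constructed for the example.

```python
import hmac
import secrets

# Constructed stand-in for the server's session store: session id -> CSRF token.
SESSIONS = {}
USERS = {"admin": "example-password"}  # constructed credentials

def login(body):
    """Model of POST /ams/shared/api/security/login -> (status, response headers)."""
    stored = USERS.get(body.get("userName"), "")
    if not stored or not hmac.compare_digest(stored, body.get("password", "")):
        return 401, {}
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = token
    # The token comes back in a header; the session id comes back as a cookie.
    # "session" is a hypothetical cookie name.
    return 200, {"x-dell-csrf-token": token, "Set-Cookie": f"session={sid}"}

def get_machines(headers, cookies):
    """Model of GET /api/inventory/machines/ -> (status, body)."""
    expected = SESSIONS.get(cookies.get("session", ""))
    if expected is None:                      # no cookie, or unknown session
        return 401, "Not logged in"
    if not hmac.compare_digest(expected, headers.get("x-dell-csrf-token", "")):
        return 403, "Invalid token"           # assumed status; message from the thread
    return 200, "machine list"

def demo():
    creds = {"userName": "admin", "password": "example-password"}
    _, first = login(creds)
    _, second = login(creds)                  # a different session
    jar = dict([first["Set-Cookie"].split("=", 1)])  # minimal cookie jar
    token = {"x-dell-csrf-token": first["x-dell-csrf-token"]}
    other = {"x-dell-csrf-token": second["x-dell-csrf-token"]}
    return {
        "token_only": get_machines(token, {}),
        "cookie_only": get_machines({}, jar),
        "token_from_other_session": get_machines(other, jar),
        "cookie_and_token": get_machines(token, jar),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:26} {result}")
```

In this model the token is only meaningful next to the cookie it was issued with, which is why both requests in the accepted answer share one cookie jar.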
