Scripting Question

KACE API Unauthorized/Forbidden Errors

11/11/2018 975 views

Does anyone know if an active support license is needed for interaction with the KACE API?

After hours of working with it I finally managed to grab the much-needed csrf token using the code below.

I'm able to authenticate using a user and get the csrf token back, though I have to retrieve the csrf token via returned web session cookies and don't see it in the header or body response of the first API POST authentication call.

However, when making any subsequent requests with the modified headers that include the csrf token, I get "Unauthorized" or "Forbidden" errors for each call.

Any input would be welcome! API inventory has been enabled in System Security preferences.

$Url = "https://k1000/ams/shared/api/security/login"

$headers = @{

Accept = 'application/json'
'Content-Type' = 'application/json'
'x-dell-api-version'= '8'


#DECLARE TLS 1.2 as apparently CP API past Server version 5.3.1 (on 6.7 at time of writing)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$Body = @{
userName = 'username'
password = ''
organizationName = 'Workstations'
} | convertto-json

$response=Invoke-RestMethod $Url -Method Post -Headers $headers -Body $Body -ContentType 'application/json' -SessionVariable websession

$cookies = $websession.Cookies.GetCookies($url)

#get cookie
$csrf_token=$($($cookies | Select-String "KACE_CSRF_TOKEN").ToString()).Split("=")[1]

$headers2 = @{

Accept = 'application/json'
'Content-Type' = 'application/json'
organizationName = 'Workstations'
'x-dell-api-version'= '8'
'x-dell-csrf-token'= $csrf_token



Invoke-RestMethod $url2 -Method Get -Headers $headers2 -ContentType 'application/json'

Answer Summary:
0 Comments   [ + ] Show comments


Answer Chosen by the Author


You are missing "-WebSession $websession" parameter in the 2nd Invoke-RestMethod call. That will carry the web-session between the 2 REST Calls.

Answered 11/12/2018 by: AbhayR
Red Belt

All Answers


I have a powershell module for interacting with the API, which will simplify most of this.


Answered 01/11/2019 by: isudothings
Senior Purple Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ