OO 10.51 API Authentication Method
We have been looking at OO's API and like what we can do with it. We do have a script we wrote to help a few of our applications communicate with it. This required us to have a user name and password in the script, which we really don't like; I saved it as base64. Is it possible to set up some encrypted password where OO could decrypt it?
In theory you could try to encrypt the password using OO's password encryption tool (oo_folder\central\bin\encrypt-password) and then provide the result in the script. In theory, OO, when faced with an encrypted string in this format, will try to decrypt it before using it; therefore it may work.
Keep in mind that since it is not OO sending this string but an external party, the string may also be taken quite literally and not work.
Hope this helps,
OO has a mechanism to store credentials in what are called System Accounts. Can you detail why storing credentials in System Accounts does not work for you?
I have tried passing the encrypted string and it didn't work. We have created an internal account with access to just that one flow. On our network we are very strict with security and access to certain applications. OO is one of those applications, as the main OO System account we have has high rights to our network. This would be a nice feature to the API for some of us that have to deal with very strict security requirements.
Did you encrypt the password and encode the credentials back into base64 to be passed as the Authorization? I pass it in the header and not in the script when making a REST call.
It works for me, but I'm on version 10.22.
Here are my steps (assuming internal account already set up):
- Encrypted password with encrypt-password.bat
- Base64 encode the credentials: username:encrypted_password
- Add authorization header to REST call: Authorization: Basic encoded_Credential
Have you checked if the issue you are facing is not related to the CSRF protection flag that was added in 10.50?
(you may see auth issues when doing HTTP POST/PUT but not GET)
So I just followed the above steps again and used our PowerShell function to make the call to "/rest/v1/roles" just to see if I get anything back, and I get the below error.
"Exception calling "Add" with "2" argument(s): "Specified value has invalid CRLF characters"
For CSRF, see the "CSRF Protection in HPE OO 10.x" section from the API guide on how to work with servers having this protection activated (recommended).
Basically, what you need to do is to populate the X-CSRF-TOKEN header as well with a token received from the OO server.
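.NET raises the "invalid CRLF characters" error quoted above when a header value contains a carriage return or line feed, for example a trailing newline captured with the encrypt-password output or base64 from a tool that wraps lines. The PowerShell below is an added example, not code from any poster or from OO: it follows the three steps listed in the thread and rejects line breaks before the header is set. The function name, account name and encrypted string are hypothetical placeholders.

```powershell
# Added example; names and sample values are constructed placeholders.
function New-OOBasicAuthHeader {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $EncryptedPassword
    )

    # Output captured from a console tool often ends in CR/LF; trim it so the
    # line break does not become part of the credential.
    $user   = $UserName.Trim()
    $secret = $EncryptedPassword.Trim()

    # A line break in the middle means the value was copied or wrapped incorrectly.
    if ($user -match '[\r\n]' -or $secret -match '[\r\n]') {
        throw 'Credential contains an embedded line break; re-copy the encrypt-password output.'
    }

    # Braces are required: "$user:$secret" would be parsed as a scoped variable.
    $bytes = [System.Text.Encoding]::UTF8.GetBytes("${user}:${secret}")

    # Convert.ToBase64String returns a single line (no 76-column wrapping).
    $encoded = [System.Convert]::ToBase64String($bytes)

    $value = "Basic $encoded"
    if ($value -match '[\r\n]') {
        throw 'Header value still contains CR/LF.'
    }
    return $value
}

# Constructed input: a trailing CRLF, as it might arrive from piped tool output.
$headerValue = New-OOBasicAuthHeader -UserName 'api_flow_user' `
    -EncryptedPassword "PLACEHOLDER_ENCRYPTED_STRING`r`n"

# Same collection type whose Add() method produced the error in the thread.
$headers = New-Object System.Net.WebHeaderCollection
$headers.Add('Authorization', $headerValue)   # accepted: value has no CR/LF
$headers['Authorization']
```

Whatever string the server accepts in this header works as a credential for that account, so the script and any file holding the value still need restricted read access.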