\nThe documentation pages in this section describe\nthe RESTful APIs included with NetProfiler\nproducts. It is assumed that the reader has practical knowledge of\nRESTful APIs, so the documentation does not go into detail about what\nREST is and how to use it. Instead the documentation focuses on what\ndata can be accessed and how to access it.\n<\/p>\n\n
\nThe primary focus of the current version of the API is on providing\naccess to common data. The following information can be accessed\nvia the API:\n<\/p>\n
\nDetails about REST resources can be found in the Resources<\/b>\nsection. \n<\/p>\nSSL<\/h2>\n\n
All communication to the profiler is SSL encrypted on Port 443. There is no support for access to the profiler on the standard HTTP port 80.<\/p>\n\n
The ciphers supported by the Profiler may change, depending on security setting (e.g., FIPS mode). Any client when initiating a request must include one or more ciphers available in the Profiler's configured list. Otherwise, the client will receive an SSL error indicating that there is no cipher overlap, and will be unable to connect.<\/p>\n\n
The profiler by default uses a self-signed certificate for SSL communication. The client should be able to handle this, by permitting self-signed certificates.<\/p>\n\n
Using the 'curl' command line client to request the services resource on a non-FIPS box. The -k switch is used to allow the self-signed certificate, and a cipher suite (SSL v3) is provided.<\/p>\n\n
curl -k -3 https:\/\/hostname:443\/api\/common\/1.0\/services<\/pre>\n\nUsing the 'curl' command line client to request the services resource on a FIPS box. An explicit cipher is selected.<\/p>\n\n
curl --ciphers rsa_aes_256_sha -k https:\/\/hostname:443\/api\/common\/1.0\/services<\/pre>\n\nKnown Issues<\/h3>\n\n
Some clients, such as Curl (both as a library and a command line executable), do not support both an explicit cipher list, and a cipher suite. The following command will fail on a FIPS Profiler:<\/p>\n\n
curl --ciphers rsa_aes_256_sha -3 -k https:\/\/hostname:443\/api\/common\/1.0\/services<\/pre>\n\nThis is because the cipher suite (-3) overrides the --ciphers argument. Clients with this issue will receive a 'no cipher overlap' error, even if they have explicitly provided a cipher that is known to be FIPS compliant.<\/p>\n
BASIC Authentication<\/h2>\n\n
For BASIC authentication the request header \"Authorization\" must be set to a base64-encoded string of username:password.<\/p>\n\n
\nIf the \"Authorization\" header is not provided, the \"WWW-Authenticate\" response header is returned.\nBasic authentication has a built-in support in various tools. Refer to the coding examples.\n<\/p>\n\n
Example of client request to protected resource using Basic Authentication:<\/p>\n\n
\nPOST \/api\/profiler\/1.0\/ping\nHost: 127.0.0.1\nAccept: application\/json\nAuthorization: Basic YWRtaW46YWRtaW4=\n<\/pre>\n\nServer response:<\/p>\n\n
HTTP\/1.1 204 OK<\/pre>\nSample PHP script for BASIC authentication<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n \n \n\n
Sample Python script for BASIC authentication<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n \n from urlparse import urlparse\n import base64\n import logging\n import httplib\n import json\n import time\n import sys\n \n HOST = '127.0.0.1'\n BASIC_AUTH = 'admin:admin'\n \n # Lib functions\n \n def do_GET(url):\n '''HTTP GET'''\n \n conn = httplib.HTTPSConnection(HOST, 443)\n \n headers = {\"Authorization\" : \"Basic %s\" % base64.b64encode(BASIC_AUTH),\n \"Content-Length\" : 0,\n \"Accept\" : \"application\/json\"}\n \n conn.request('GET', url, body=\"\", headers=headers)\n \n res = conn.getresponse()\n \n info = {\"status\" : res.status,\n \"headers\" : res.getheaders()}\n \n data = res.read()\n conn.close()\n return data, info\n \n # Ping to test basic authentication\n \n url = \"https:\/\/%s\/api\/profiler\/1.0\/ping\" % HOST\n print \"GET %s\" % url\n \n output, info = do_GET(url)\n \n if (info['status'] == 204):\n print \"Ping is successful!\"\n else:\n print \"Ping failed!\"\n print output;\n \n\n
Sample Perl script for BASIC authentication<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n \n #!\/usr\/bin\/perl\n use strict;\n use warnings;\n \n use LWP::UserAgent;\n use HTTP::Request;\n use List::MoreUtils qw(firstidx);\n use JSON qw( encode_json decode_json );\n \n use constant HOST => '127.0.0.1';\n use constant LOGIN => 'admin';\n use constant PASSWORD => 'admin';\n \n our $ua = LWP::UserAgent->new;\n $ua->agent(\"ProfilerScript\/0.1\");\n \n our $API_BASE = \"https:\/\/127.0.0.1\";\n \n sub _request($) \n {\n my $req = shift;\n \n $req->header('Accept' => 'application\/json');\n $req->authorization_basic(LOGIN, PASSWORD);\n \n my $res = $ua->request($req);\n \n return {\n code => $res->code,\n status => $res->status_line,\n headers => $res->headers(),\n data => $res->content\n };\n }\n \n sub GET($) \n {\n my $req = HTTP::Request->new(GET => $API_BASE . shift);\n return _request($req);\n }\n \n # Ping to test basic authentication\n \n print \"GET \/api\/profiler\/1.0\/ping\\n\";\n my $response = GET('\/api\/profiler\/1.0\/ping');\n \n if ($response->{code} == 204) {\n print \"Ping is successful!\\n\";\n } else {\n print \"Ping failed!\\n\";\n print $response->{data};\n }\n\n
Sample .Net\/C# script for BASIC authentication<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n \n using System;\n using System.Collections.Generic;\n using System.Net;\n using System.Text;\n using System.IO;\n using System.Net.Security;\n using System.Security.Cryptography.X509Certificates;\n \n namespace CascadeRestClient\n {\n class Program\n {\n static string BASIC_AUTH = \"admin:admin\";\n \n \/\/ callback used to validate the self-gen certificate in an SSL conversation\n private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)\n {\n return true;\n \/*\n X509Certificate2 certv2 = new X509Certificate2(cert);\n if (certv2.GetNameInfo(X509NameType.SimpleName,true) == \"www.riverbed.com\")\n return true;\n \n return false;\n *\/\n }\n \n private static string Base64Encode(string toEncode)\n {\n byte[] toEncodeAsBytes\n = System.Text.ASCIIEncoding.ASCII.GetBytes(toEncode);\n return System.Convert.ToBase64String(toEncodeAsBytes);\n }\n \n static void Main(string[] args)\n {\n if (args.Length == 0 || string.IsNullOrWhiteSpace(args[0]))\n {\n Console.WriteLine(\"Usage: CascadeRestClient hostname\");\n return;\n }\n try\n {\n \/\/Code to allow run with self-signed certificates\n \/\/ validate cert by calling a function\n ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);\n \n \/\/Starting to run rest \n string rootUrl = \"https:\/\/\" + args[0];\n string requestUrl = rootUrl + \"\/api\/profiler\/1.0\/ping\";\n \n \/\/ Ping to test beaic authentication\n Console.WriteLine(\"GET \" + requestUrl);\n \n \/\/ Post to run the report\n HttpWebRequest request = WebRequest.Create(requestUrl) as HttpWebRequest;\n request.Headers.Add(\"Authorization: Basic \" + Base64Encode(BASIC_AUTH));\n request.ContentType = \"application\/json\";\n request.Method = WebRequestMethods.Http.Get;\n request.ContentLength = 0;\n using (var response = request.GetResponse() as HttpWebResponse)\n {\n if (response.StatusCode == HttpStatusCode.NoContent)\n {\n Console.WriteLine(\"Ping is successful!\");\n }\n else\n {\n Console.WriteLine(\"Ping failed!\");\n using (Stream stream = response.GetResponseStream())\n {\n using (StreamReader reader = new StreamReader(stream, Encoding.UTF8))\n {\n String responseString = reader.ReadToEnd();\n Console.WriteLine(responseString);\n }\n }\n \n }\n }\n }\n catch (Exception e)\n {\n Console.WriteLine(e.Message);\n }\n }\n }\n }\n\n
Sample CURL command (BASIC authentication)<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n
\n% curl --user username:password https:\/\/{host}\/api\/profiler\/1.0\/ping -k \n<\/pre>\nSample WGET command (BASIC authentication)<\/h2>\n\n
Use the Ping resource to demonstrate BASIC authentication.<\/p>\n\n
\n% wget --http-user username --http-password password https:\/\/{host}\/api\/profiler\/1.0\/ping --no-check-certificate \n<\/pre>\nSESSION (Cookie) authentication<\/h2>\n\n
In order to use the SESSION (Cookie) authentication, a session ID must be generated. The session ID can then be used to access protected resources. To generate a session ID the client must send a POST request with username, password and optionally purpose. The API supports three different methods of input: x-www-form-urlencoded, JSON and XML<\/p>\n\n
Client request using x-www-form-urlencoded input:<\/p>\n\n
\nPOST \/api\/common\/1.0\/login\nHost: 127.0.0.1\nContent-Type: application\/x-www-form-urlencoded\nAccept: application\/json\n\nusername=username&password=password&purpose=script XYZ\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 200 OK\nSet-Cookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n\n{\n \"session_key\": \"SESSID\",\n \"session_id\": \"bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\"\n}\n<\/pre>\n\nClient request using JSON input: <\/p>\n\n
\nPOST \/api\/common\/1.0\/login\nHost: 127.0.0.1\nContent-Type: application\/json\nAccept: application\/json\n\n{\n \"username\" : \"username\", \n \"password\" : \"password\",\n \"purpose\" : \"script XYZ\"\n}\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 200 OK\nSet-Cookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n\n{\n \"session_key\": \"SESSID\",\n \"session_id\": \"bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\"\n}\n<\/pre>\n\nClient request using XML input: <\/p>\n\n
\nPOST \/api\/common\/1.0\/login\nHost: 127.0.0.1\nContent-Type: text\/xml\nAccept: text\/xml\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 200 OK\nSet-Cookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n\n<login \"username\"=\"user\" \"password\"=\"pass\" \"purpose\"=\"UI login\" \/>\n<\/pre>\n\nThe client must include the Cookie header when accessing authenticated resources. The session (cookie) expiration rules are the same as the ones used in the GUI of the product. The rules can be changed from the Log-in Settings page<\/a>.<\/p>\n\n
Client request to protected resource using the session ID:<\/p>\n\n
\nPOST \/api\/profiler\/1.0\/ping\nHost: 127.0.0.1\nAccept: application\/json\nCookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n<\/pre>\n\nServer response:<\/p>\n\n
HTTP\/1.1 204 OK<\/pre>\n\nClient request to protected resource using expired\/invalid session ID:<\/p>\n\n
\nPOST \/api\/profiler\/1.0\/ping\nHost: 127.0.0.1\nAccept: application\/json\nCookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 401 AUTH_INVALID_SESSION\nContent-Type: application\/json\n\n{\n \"error_id\": \"AUTH_INVALID_SESSION\",\n \"error_text\": \"Session ID is invalid\"\n}\n<\/pre>\n\nTo end a previously started session, the client sends a GET request to \/logout including a Cookie header with the session ID.<\/p>\n
Client request to end a previously started session:<\/p>\n\n
\nGET \/api\/common\/1.0\/logout\nHost: 127.0.0.1\nAccept: application\/json\nCookie: SESSID=bfe3c2fd7b53053eecdd54b08c01d6a8d447aa6c15ed8f7523032c5814221ee7\n<\/pre>\n\nServer response:<\/p>\n \n
HTTP\/1.1 204<\/pre>\nSample PHP script for SESSION (Cookie) authentication<\/h2>\n\n
Use the Ping resource to demonstrate SESSION (Cookie) authentication.<\/p>\n\n \n 'admin',\n 'password' => 'admin',\n 'purpose' => 'demonstrate SESSION authentication');\n $url = 'https:\/\/' . HOST . '\/api\/common\/1.0\/login';\n $output = do_POST($url, json_encode($login_data), $info);\n \n if ($info['http_code'] != 200) {\n echo \"Login Failed!\\n\";\n echo $output;\n exit(1);\n } \n \n $data = json_decode($output, 1);\n $session_key = $data['session_key'];\n $session_id = $data['session_id'];\n \n echo \"Login successful, {$session_key}={$session_id}\\n\";\n \n \/\/ Ping to test session authentication\n $url = 'https:\/\/' . HOST . '\/api\/profiler\/1.0\/ping';\n echo \"GET {$url}\\n\";\n \n $info = array();\n $output = do_GET($url, $session_key, $session_id, $info);\n \n if ($info['http_code'] == 204) {\n echo \"Ping is successful!\\n\"; \n } else {\n echo \"Ping failed!\\n\";\n echo $output;\n }\n \n ?>\n\n
Sample Python script for SESSION (Cookie) authentication<\/h2>\n\n
Use the Ping resource to demonstrate SESSION (Cookie) authentication.<\/p>\n\n \n from urlparse import urlparse\n import base64\n import logging\n import httplib\n import json\n import time\n import sys\n \n HOST = '127.0.0.1'\n \n # Lib functions\n \n def do_POST(url, string):\n '''HTTP POST'''\n \n conn = httplib.HTTPSConnection(HOST, 443)\n \n headers = {\"Content-Length\" : str(len(string)),\n \"Content-Type\" : \"application\/json\",\n \"Accept\" : \"application\/json\"}\n \n conn.request('POST', url, body=string, headers=headers)\n \n res = conn.getresponse()\n \n info = {\"status\" : res.status,\n \"headers\" : res.getheaders()}\n \n data = res.read()\n conn.close()\n return data, info\n \n def do_GET(url, session_key, session_id):\n '''HTTP GET'''\n \n conn = httplib.HTTPSConnection(HOST, 443)\n \n headers = {\"Content-Length\" : 0,\n \"Content-Type\" : \"application\/json\",\n \"Accept\" : \"application\/json\",\n \"Cookie\" : \"%s=%s\" % (session_key, session_id)}\n \n conn.request('GET', url, body=\"\", headers=headers)\n \n res = conn.getresponse()\n \n info = {\"status\" : res.status,\n \"headers\" : res.getheaders()}\n \n data = res.read()\n conn.close()\n return data, info\n \n # Post to create session id\n \n login_data = {\n \"username\" : \"admin\",\n \"password\" : \"admin\",\n \"purpose\" : \"demonstrate SESSION authentication\"\n }\n \n url = \"https:\/\/%s\/api\/common\/1.0\/login\" % HOST\n \n output, info = do_POST(url, json.dumps(login_data))\n if (info['status'] is not 200):\n print \"Login Failed!\"\n print output\n sys.exit(1)\n \n data = json.loads(output)\n session_key = data[\"session_key\"]\n session_id = data[\"session_id\"]\n \n print \"Login successful, %s=%s\" % (session_key, session_id)\n \n url = \"https:\/\/%s\/api\/profiler\/1.0\/ping\" % HOST\n \n # Ping to test session authentication\n output, info = do_GET(url, session_key, session_id)\n \n if (info['status'] is 204):\n print \"Ping is successful!\"\n else:\n print \"Ping failed!\"\n print output\n\n
Sample Perl script for SESSION (Cookie) authentication<\/h2>\n\n
Use the Ping resource to demonstrate SESSION (Cookie) authentication.<\/p>\n\n \n #!\/usr\/bin\/perl\n use strict;\n use warnings;\n \n use LWP::UserAgent;\n use HTTP::Request;\n use List::MoreUtils qw(firstidx);\n use JSON qw( encode_json decode_json );\n \n our $ua = LWP::UserAgent->new;\n $ua->agent(\"ProfilerScript\/0.1\");\n \n our $API_BASE = \"https:\/\/127.0.0.1\";\n \n sub GET($$$) \n {\n my $req = HTTP::Request->new(GET => $API_BASE . shift);\n $req->header('Accept' => 'application\/json');\n \n my $session_key = shift;\n my $session_id = shift;\n $req->header('Cookie' => \"$session_key=$session_id\");\n \n my $res = $ua->request($req);\n \n return {\n code => $res->code,\n status => $res->status_line,\n headers => $res->headers(),\n data => $res->content\n };\n }\n \n sub POST($$) \n {\n my $req = HTTP::Request->new(POST => $API_BASE . shift);\n $req->content_type('application\/json');\n $req->content(encode_json(shift));\n \n $req->header('Accept' => 'application\/json');\n \n my $res = $ua->request($req);\n \n return {\n code => $res->code,\n status => $res->status_line,\n headers => $res->headers(),\n data => $res->content\n };\n }\n \n # Post to create session id\n \n my $login_data = { \n username => 'admin',\n password => 'admin',\n purpose => 'demonstrate SESSION authentication'};\n \n my $response = POST('\/api\/common\/1.0\/login', $login_data);\n \n die \"Login Failed.\\n$response->{data}\\n\" unless $response->{code} == 200;\n \n my $data = decode_json($response->{data});\n my $session_key = $data->{session_key};\n my $session_id = $data->{session_id};\n print \"Login successful, $session_key=$session_id\\n\";\n \n # Ping to test session authentication\n $response = GET('\/api\/profiler\/1.0\/ping', $session_key, $session_id);\n \n if ($response->{code} == 204) {\n print \"Ping is successful!\\n\";\n } else {\n print \"Ping failed!\\n\";\n print $response->{data};\n }\n\n
Sample .Net\/C# script for SESSION (Cookie) authentication<\/h2>\n\n
Use the Ping resource to demonstrate SESSION (Cookie) authentication.<\/p>\n\n \n using System;\n using System.Collections.Generic;\n using System.Net;\n using System.Runtime.Serialization.Json;\n using System.Text;\n using System.IO;\n using System.Net.Security;\n using System.Security.Cryptography.X509Certificates;\n using System.Web.Script.Serialization;\n \n namespace CascadeRestClient\n {\n public class AuthResult\n {\n public string session_key { get; set; }\n public string session_id { get; set; }\n }\n \n class Program\n {\n \/\/ callback used to validate the self-gen certificate in an SSL conversation\n private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)\n {\n return true;\n }\n \n static void Main(string[] args)\n {\n if (args.Length == 0 || string.IsNullOrWhiteSpace(args[0]))\n {\n Console.WriteLine(\"Usage: CascadeRestClient hostname\");\n return;\n }\n try\n {\n \/\/Code to allow run with self-signed certificates\n \/\/ validate cert by calling a function\n ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);\n \n \/\/Starting to run rest \n string rootUrl = \"https:\/\/\" + args[0];\n string requestUrl = rootUrl + \"\/api\/common\/1.0\/login.json\";\n \n var jsondata = new\n {\n username = \"admin\",\n password = \"admin\",\n purpose = \"demonstrate SESSION authentication\"\n };\n \n \/\/Serialize anomymous type to json\n JavaScriptSerializer serializer = new JavaScriptSerializer();\n string postData = serializer.Serialize(jsondata);\n \n \/\/ Login\n AuthResult r;\n using (var response = MakeRequest(requestUrl, WebRequestMethods.Http.Post, null, postData))\n {\n if (response.StatusCode != HttpStatusCode.OK)\n {\n Console.WriteLine(\"Login Failed!\");\n LogResponse(response);\n return;\n }\n \n r = ReadResponse
(response);\n }\n Console.WriteLine(string.Format(\"Login successful, {0}={1}\", r.session_key, r.session_id));\n \n \/\/ Ping to test session authentication\n requestUrl = rootUrl + \"\/api\/profiler\/1.0\/ping\";\n Console.WriteLine(\"GET \" + requestUrl);\n \n using (var response = MakeRequest(requestUrl, WebRequestMethods.Http.Get, string.Format(\"Cookie: {0}={1}\", r.session_key, r.session_id)))\n {\n if (response.StatusCode == HttpStatusCode.NoContent)\n {\n Console.WriteLine(\"Ping is successful!\");\n }\n else\n {\n Console.WriteLine(\"Ping failed!\");\n LogResponse(response);\n }\n }\n }\n catch (Exception e)\n {\n Console.WriteLine(e.Message);\n }\n }\n \n private static void LogResponse(HttpWebResponse response)\n {\n using (Stream stream = response.GetResponseStream())\n {\n using (StreamReader reader = new StreamReader(stream, Encoding.UTF8))\n {\n String responseString = reader.ReadToEnd();\n Console.WriteLine(responseString);\n }\n }\n }\n \n private static T ReadResponse (HttpWebResponse response) where T : class\n {\n DataContractJsonSerializer jsonSerializer = new DataContractJsonSerializer(typeof(T));\n object objResponse = jsonSerializer.ReadObject(response.GetResponseStream());\n return objResponse as T;\n }\n \n \/\/\/ \n \/\/\/ Make request\n \/\/\/ <\/summary>\n \/\/\/ return type<\/typeparam>\n \/\/\/ url for request<\/param>\n \/\/\/ Http Verb, Get, Post etc<\/param>\n \/\/\/ additional header except accept and content type <\/param>\n \/\/\/ Data posted<\/param>\n \/\/\/ <\/returns>\n private static HttpWebResponse MakeRequest(string requestUrl, string action, string header, string requestData = null)\n {\n HttpWebRequest request = WebRequest.Create(requestUrl) as HttpWebRequest;\n if (!string.IsNullOrWhiteSpace(header))\n request.Headers.Add(header);\n request.ContentType = \"application\/json\";\n request.Accept = \"application\/json\";\n request.Method = action;\n if (requestData == null)\n {\n request.ContentLength = 0;\n }\n else\n {\n ASCIIEncoding encoding = new ASCIIEncoding();\n byte[] byte1 = encoding.GetBytes(requestData);\n request.ContentLength = byte1.Length;\n using (Stream newStream = request.GetRequestStream())\n {\n newStream.Write(byte1, 0, byte1.Length);\n }\n }\n \n return request.GetResponse() as HttpWebResponse;\n }\n }\n }\n\n OAuth 2.0 authentication<\/h2>\n\n
In order to use the OAuth 2.0 authentication an access code needs to be generated. To generate the code:<\/p>\n\n
\n
- Go to the Configuration => Account management => OAuth Access<\/a> page.<\/li>\n
- Click the \"Generate new\" button.<\/li>\n
- Enter a description for the access code. The description is used for auditing purposes.<\/li>\n
- The system generates an access code. Use this in your script.<\/li>\n <\/ul>\n\n
All access to protected resources requires a valid access token. To get an access token, the client must send a POST request with the access code. The server will issue an access token that is valid for the next 1 hour and return it in the body of the POST. If the client script runs for more than 1 hour, then it will need to generate another access token when the one that it has expires. An expired token results into an error with HTTP code 401 and error_id AUTH_EXPIRED_TOKEN.<\/p>\n\n
Client request to generate an OAuth 2.0 access token:<\/p>\n\n
\nPOST \/api\/common\/1.0\/oauth\/token\nHost: 127.0.0.1\nContent-Type: application\/x-www-form-urlencoded\nAccept: application\/json\n\ngrant_type=access_code&assertion={access code here}\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 200 OK\nContent-Type: application\/json\n\n{\n \"access_token\": \"ewoJIm5vbmNlIjogImY0MmJhZmIiLAoJImF1ZCI6ICJod...\"\n \"token_type\": \"bearer\",\n \"expires_in\": 3600\n}\n<\/pre>\n\nClient request to protected resource using the OAuth 2.0 access token:<\/p>\n\n
\nPOST \/api\/profiler\/1.0\/ping\nHost: 127.0.0.1\nAccept: application\/json\nAuthorization: Bearer ewoJIm5vbmNlIjogImY0MmJhZmIiLAoJImF1ZCI6ICJod...\n<\/pre>\n\nServer response:<\/p>\n\n
HTTP\/1.1 204 OK<\/pre>\n\nClient request to protected resource using expired OAuth 2.0 access token:<\/p>\n\n
\nPOST \/api\/profiler\/1.0\/ping\nHost: 127.0.0.1\nAccept: application\/json\nAuthorization: Bearer ewoJIm5vbmNlIjogImY0MmJhZmIiLAoJImF1ZCI6ICJod...\n<\/pre>\n\nServer response:<\/p>\n\n
\nHTTP\/1.1 401 AUTH_EXPIRED_TOKEN\nContent-Type: application\/json\n\n{\n \"error_id\": \"AUTH_EXPIRED_TOKEN\",\n \"error_text\": \"OAuth access token is expired\"\n}\n<\/pre>\nSample PHP script for OAuth 2.0 authentication<\/h2>\n\n
In order to use the OAuth 2.0 authentication an access code needs to be generated. To generate the code:<\/p>\n\n
\n
- Go to the Configuration => Account management => OAuth Access<\/a> page.<\/li>\n
- Click the \"Generate new\" button.<\/li>\n
- Enter a description for the access code. The description is used for auditing purposes.<\/li>\n
- The system generates an access code. Use this in your script.<\/li>\n <\/ul>\n\n
All access to protected resources requires a valid access token. To get an access token, the client must send a POST request with the access code. The server will issue an access token that is valid for the next 1 hour and return it in the body of the POST. If the client script runs for more than 1 hour, then it will need to generate another access token when the one that it has expires. An expired token results into an error with HTTP code 401 and error_id AUTH_EXPIRED_TOKEN.<\/p>\n\n \n \n\n
Sample Python script for OAuth 2.0 authentication<\/h2>\n\n
In order to use the OAuth 2.0 authentication an access code needs to be generated. To generate the code:<\/p>\n\n
\n
- Go to the Configuration => Account management => OAuth Access<\/a> page.<\/li>\n
- Click the \"Generate new\" button.<\/li>\n
- Enter a description for the access code. The description is used for auditing purposes.<\/li>\n
- The system generates an access code. Use this in your script.<\/li>\n <\/ul>\n\n
All access to protected resources requires a valid access token. To get an access token, the client must send a POST request with the access code. The server will issue an access token that is valid for the next 1 hour and return it in the body of the POST. If the client script runs for more than 1 hour, then it will need to generate another access token when the one that it has expires. An expired token results into an error with HTTP code 401 and error_id AUTH_EXPIRED_TOKEN.<\/p>\n\n \n from urlparse import urlparse\n import base64\n import logging\n import httplib\n import json\n import time\n import sys\n \n OAUTH_CODE = 'ewoJIm5vbmNlIjogImFmNTBlOTkxIiwKCSJhdWQiOiAiaHR0cHM6Ly9kZXNvLTEvYXBpL2NvbW1vbi8xLjAvb2F1dGgvdG9rZW4iLAoJImlzcyI6ICJodHRwczovL2Rlc28tMSIsCgkicHJuIjogImFkbWluIiwKCSJqdGkiOiAiMSIsCgkiZXhwIjogIjEzNTY1NTM5NDkiLAoJImlhdCI6ICIxMzUzOTYxOTQ5Igp9'\n \n HOST = '127.0.0.1'\n \n # Lib functions\n \n def do_POST(url, string):\n '''HTTP POST'''\n \n conn = httplib.HTTPSConnection(HOST, 443)\n \n headers = {\"Content-Length\" : str(len(string)),\n \"Content-Type\" : \"application\/x-www-form-urlencoded\",\n \"Accept\" : \"application\/json\"}\n \n conn.request('POST', url, body=string, headers=headers)\n \n res = conn.getresponse()\n \n info = {\"status\" : res.status,\n \"headers\" : res.getheaders()}\n \n data = res.read()\n conn.close()\n return data, info\n \n def do_GET(url, access_token):\n '''HTTP GET'''\n \n conn = httplib.HTTPSConnection(HOST, 443)\n \n headers = {\"Content-Length\" : 0,\n \"Content-Type\" : \"application\/json\",\n \"Accept\" : \"application\/json\",\n \"Authorization\" : \"Bearer %s\" % access_token}\n \n conn.request('GET', url, body=\"\", headers=headers)\n \n res = conn.getresponse()\n \n info = {\"status\" : res.status,\n \"headers\" : res.getheaders()}\n \n data = res.read()\n conn.close()\n return data, info\n \n # Post to get access token based on the access code\n \n url = \"https:\/\/%s\/api\/common\/1.0\/oauth\/token\" % HOST\n \n output, info = do_POST(url, \"grant_type=access_code&assertion=%s\" % OAUTH_CODE)\n if (info['status'] is not 200):\n print \"Post to get access token failed!\"\n print output\n sys.exit(1)\n \n data = json.loads(output)\n access_token = data[\"access_token\"]\n expires_in = data[\"expires_in\"]\n \n print \"Post to get token id is successful\"\n print \"Token: %s\" % access_token\n print \"The token will expire in %s seconds\" % expires_in\n \n # Ping to test OAuth 2.0 authentication\n url = \"https:\/\/%s\/api\/profiler\/1.0\/ping\" % HOST\n output, info = do_GET(url, access_token)\n \n if (info['status'] is 204):\n print \"OAuth 2.0 authentication is successful!\"\n else:\n print \"OAuth 2.0 authentication failed!\"\n print output\n\n
Sample Perl script for OAuth 2.0 authentication<\/h2>\n\n
In order to use the OAuth 2.0 authentication an access code needs to be generated. To generate the code:<\/p>\n\n