Configuring Security Settings : Enabling REST API access
  
Enabling REST API access
You enable access to the Riverbed REST API under Administration > Security: REST API Access.
REST (Representational State Transfer) is a framework for API design. REST builds a simple API on top of the HTTP protocol. It is based on generic facilities of the standard HTTP protocol, including the six basic HTTP methods (GET, POST, PUT, DELETE, HEAD, INFO) and the full range of HTTP return codes. You can discover REST APIs by navigating links embedded in the resources provided by the REST API that follow common encoding and formatting practices.
For detailed information about REST API calls, see the SteelHead User Guide.
Under REST API Access Settings, select the Enable REST API Access check box.
Before an appliance can access the REST API, you must generate an access code for the system to use to authenticate access under Administration > Security: REST API Access. These configuration options are available:
Add Access Code
Displays the controls for adding an access code.
Description of Use
Allows you to provide a description, such as the hostname or IP address of the appliance you’re using.
Generate New Access Code
Generates the new access code. Click Add to add the code to the running configuration. The access code is displayed in the table.
Import New Access Code
Allows you to copy and paste an existing access code in the text box.
Add
Adds the access code to the running configuration. The access code is displayed in the table.
Click the access code name to expand the page and display the access code.
Copy the access code from the text field into a text editor such as Notepad.
To use the access code in an external script, copy the access code copied from the Management Console REST API Access page into the configuration file of your external script.
The script uses the access code to make a call to the appliance/system to request an access token. The appliance/system validates the access code and returns an access token for use by the script. Generally, the access token is kept by the script for a session only (defined within your script), but note that the script can make many requests using the same access token. These access tokens have some lifetime—usually around an hour —in which they’re valid. When they expire, the access code must fetch a new access token. The script uses the access token to make REST API calls with the appliance/system.