HP 3PAR StoreServ 7200 2-node HP 3PAR Web Service API 1.2 Developer's - Page 15
About Session Key Security, Creating a Session Key, Example
Page 15 highlights
About Session Key Security

Because session keys allow access to the storage server, client applications should not display session keys or otherwise make them visible to end users. Revealing a session key is similar to revealing a password in that an unauthorized person who obtains a session key can use it to access the storage server until the key is deleted.

Creating a Session Key

Except when querying the API version and when creating and deleting a session key, the session key is required for all operations and is passed in an HTTP header with the name X-HP3PAR-WSAPI-SessionKey. Each session key is associated with the IP address of the client that originally requested it, and subsequent use is restricted to requests from that same IP address.

An example of creating a session key using cURL (a command-line utility available for most Linux distributions) is as follows:

1. Enter the following (in a single command line):

    curl -k -H "Accept:application/json" -H "Content-Type:application/json" --data-binary '{"user":"example","password":"example"}' https://:8080/api/v1/credentials

2. The system returns the HTTP code 201 Created, the URI of the newly created session key in the location portion of the HTTP header, and a message body with the JSON object; see Table 4 (page 15).

Example

    HTTP/1.1 201 Created
    Date: Thu, 28 Jul 2011 00:00:38 GMT
    Server: hp3par-wsapi
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Location: /api/v1/credentials/48A70B8A8301C458037E0821
    Connection: close

    {"key":"48A70B8A8301C458037E0821"}

Table 4 Message Body JSON Objects for Session Key Creation

    Member    JSON Type    Description
    key       string       The session key.

Using a Session Key

Except for creating and deleting a session key, the session key is required for all operations. The key is passed in an HTTP header with the following name:

    X-HP3PAR-WSAPI-SessionKey

Example using the cURL command line utility

    curl -s -H "X-HP3PAR-WSAPI-SessionKey: 48A70B8A8301C458037E0821" \
    http://InServ1:8008/api/v1/volumes

The resulting HTTP request appears as follows:

    GET /api/v1/volumes HTTP/1.1
    User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
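Added example, not from the HP manual: a header passed with -H on the command line is visible in the process list and shell history, so these helper functions (hypothetical names) hand the session key to curl on stdin through --config - and scrub it from any text before it is displayed or logged. The DELETE request used to remove the key is an assumption; the page names the operation but does not show it.

```shell
#!/usr/bin/env bash
# Added example: not HP's code. All function names are hypothetical.

# Read a credentials response body on stdin and print only the key.
wsapi_extract_key() {
  sed -n 's/.*"key"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Scrub session keys from text (curl -v traces, saved responses) before it
# is displayed or logged: request header, Location URI and JSON body.
wsapi_redact() {
  sed -E \
    -e 's#(X-HP3PAR-WSAPI-SessionKey:[[:space:]]*)[^[:space:]"]+#\1[REDACTED]#g' \
    -e 's#(/api/v1/credentials/)[^[:space:]"]+#\1[REDACTED]#g' \
    -e 's#("key"[[:space:]]*:[[:space:]]*")[^"]*#\1[REDACTED]#g'
}

# Build a curl config line carrying the key. printf is a shell builtin, so
# the key never appears in any process's argument list.
wsapi_auth_config() {
  printf 'header = "X-HP3PAR-WSAPI-SessionKey: %s"\n' "$1"
}

# GET <base_url><path>, with the key supplied to curl on stdin.
wsapi_get() {      # usage: wsapi_get <base_url> <path> <key>
  wsapi_auth_config "$3" | curl -s --config - "$1$2"
}

# Delete the key when finished so it stops being usable. Assumption: the key
# is removed with DELETE on the URI returned in the Location header.
wsapi_logout() {   # usage: wsapi_logout <base_url> <key>
  printf 'request = "DELETE"\nurl = "%s/api/v1/credentials/%s"\n' "$1" "$2" |
    curl -s --config -
}
```

Keep the key in an unexported shell variable and pipe verbose output through wsapi_redact, for example `curl -v ... 2>&1 | wsapi_redact`.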