Home » HP Manuals » Storage Devices » HP 3PAR StoreServ 7450 4-node » Manual Viewer

HP 3PAR StoreServ 7450 4-node HP 3PAR Web Service API 1.2 Developer's - Page 15

About Session Key Security, Creating a Session Key, Example

View all HP 3PAR StoreServ 7450 4-node manuals

Add to My Manuals
Save this manual to your list of manuals

Page 15 highlights

About Session Key Security Because session keys allow access to the storage server, client applications should not display session keys or otherwise make them visible to end users. Revealing a session key is similar to revealing a password in that an unauthorized person who obtains a session key can use it to access the storage server until the key is deleted. Creating a Session Key Except when querying the API version and when creating and deleting a session key, the session key is required for all operations and is passed in an HTTP header with the name X-HP3PAR-WSAPI-SessionKey. Each session key is associated with the IP address of the client that originally requested it, and subsequent use is restricted to requests from that same IP address. An example of creating a session key using cURL (a command-line utility available for most Linux distributions) is as follows: 1. Enter the following (in a single command line): curl -k -H "Accept:application/json" -H "Content-Type:application/json" --data-binary '{"user":"example","password":"example"}' https://:8080/api/v1/credentials 2. The system returns the HTTP code 201 Created, the URI of the newly created session key in the location portion of the HTTP header, and a message body with the JSON object; see Table 4 (page 15). Example HTTP/1.1 201 Created Date: Thu, 28 Jul 2011 00:00:38 GMT Server: hp3par-wsapi Cache-Control: no-cache Pragma: no-cache Content-Type: application/json Location: /api/v1/credentials/48A70B8A8301C458037E0821 Connection: close {"key":"48A70B8A8301C458037E0821"} Table 4 Message Body JSON Objects for Session Key Creation Member key JSON Type string Description The session key. Using a Session Key Except for creating and deleting a session key, the session key is required for all operations. The key is passed in an HTTP header with the following name: X-HP3PAR-WSAPI-SessionKey Example using the cURL command line utility curl -s -H "X-HP3PAR-WSAPI-SessionKey: 48A70B8A8301C458037E0821" \ http://InServ1:8008/api/v1/volumes The resulting HTTP request appears as follows: GET /api/v1/volumes HTTP/1.1 User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8ozlib/1.2.3.4 libidn/1.18 System Access 15

Section	Page
HP 3PAR Web Services API 1.2 Developer's Guide	1
Contents	3
1 Introduction	9
About the WSAPI	9
Getting Started	9
Starting and Configuring the Server	9
About the SDK	9
Java SDK	10
Perl SDK	10
2 Accessing the WSAPI	11
Overview	11
Protocol and Message Format	12
Client HTTP Headers	12
Server HTTP Headers	13
Supported HTTP Methods	14
General URI Format	14
System Access	14
Creating Credentials	14
About Multiple Session Keys	14
About Session Key Security	15
Creating a Session Key	15
Using a Session Key	15
Deleting a Session Key	16
Session Key Deletion Success	16
Session Key Deletion Errors	16
HTTP Status and Error Codes	16
The code Member	16
The desc Member	24
The ref Member	25
HTTP Error Codes	25
Request Input and Optional Members	25
Null Members	26
Enumerations	26
JSON Types and API Types	27
3 Working with Common Provisioning Groups	29
CPG Enumeration and Configuration Objects	29
CPG LDLayout JSON Objects	29
CPG RAIDType Enumeration	29
CPG HA Enumeration	30
CPG chunkletPosPref Enumeration	30
CPG diskPatterns JSON Object	30
CPG diskType Enumeration	31
CPG Space Usage Objects	32
Growth Objects	32
CPG state Enumeration	32
CPG detailedState Enumeration	32
Creating a CPG	33
CPG Creation Success	33
CPG Creation Errors	34
Modifying a CPG	34
CPG Modification Success	35
CPG Modification Errors	35
Removing a CPG	35
CPG Removal Success	35
CPG Removal Errors	35
Querying CPG Information	36
Querying All CPGs	36
CPG Query Success	37
CPG Query Errors	37
Querying a Single CPG	37
Single-CPG Query Success	37
Single-CPG Query Errors	37
4 Working with Storage Volumes	38
Volume Enumeration and Configuration Objects	38
Volume provisioningType Enumeration Types	38
Volume CopyType Enumeration Types	38
Volume state Enumeration Types	38
Volume DetailedState Enumeration Types	39
Volume policies Configuration Object	40
Volume Space Objects	40
Creating a Storage Volume	41
Creating Base Volumes	41
Creating Snapshot Volumes	42
Volume Creation Success	43
Volume Creation Errors	43
Modifying a Virtual Volume	44
Volume Modification Success	46
Volume Modification Errors	46
Removing a Storage Volume	48
Storage Volume Removal Success	48
Storage Volume Removal Errors	48
Querying Volume Information	48
Querying All Volumes	48
All-Volumes Query Success	48
All-volumes Query Errors	50
Querying a Single Volume	50
Single-volume Query Success	50
Single-volume Query Errors	50
5 Working with Hosts	52
Creating a Host	52
Host Creation Success	52
Host Creation Errors	53
Modifying a Host	54
Host Modification Success	56
Host Modification Errors	56
Removing a Host	58
Host Removal Success	58
Host Removal Errors	58
Querying Hosts	58
Host Query Success	58
Host Query Errors	62
6 Working with Ports	63
Port Configuration and Enumeration Objects	63
Querying All Ports	65
All-ports Query Success	65
All-ports Query Errors	67
Querying A Single Port	67
Single-port Query Success	67
Single-port Query Errors	67
7 Working with Virtual LUNs	68
VLUN Configuration and Enumeration Objects	68
VLUN portPos Configuration Object	68
VLUNtype Enumeration	68
VLUN multipathing Enumeration	68
VLUN failedPathPol Enumeration	69
Creating a VLUN	69
VLUN Creation Success	70
VLUN Creation Errors	70
VLUN Creation Example	71
HTTP Request	71
HTTP Response	72
Removing a VLUN	72
VLUN Removal Success	72
VLUN Removal Errors	72
VLUN Removal Example	73
HTTP Request	73
HTTP Response	73
Querying VLUNs	73
Querying All VLUNs	73
All-VLUNs Query Success	73
All-VLUNs Query Example	75
All-VLUNs Query Errors	75
Querying a Single VLUN	76
Single-VLUN Query Success	76
Single-VLUN Query Errors	77
8 Getting Storage System and Version Information	79
Getting Storage System Information	79
Storage-system Query Success	79
Storage-system Query Errors	80
Getting Version Information	80
Version Information Query Success	80
Version Information Query Errors	80
9 Querying Available Space	81
Querying Overall System Capacity	81
Overall System Capacity Success	81
Overall Available Space Query Errors	84
Querying Available Space for a CPG or LDLayout Object	84
CPG Space Query Members	84
LDLayout Object Space Query Members	84
Space Query Success	84
Space Query Errors	85
10 Support and Other Resources	86
Contacting HP	86
HP 3PAR documentation	86
Typographic conventions	89
HP 3PAR branding information	89
11 Documentation feedback	90

Match case Limit results 1 per page

About Session Key Security

Because session keys allow access to the storage server, client applications should not display

session keys or otherwise make them visible to end users. Revealing a session key is similar to

revealing a password in that an unauthorized person who obtains a session key can use it to

access the storage server until the key is deleted.

Creating a Session Key

Except when querying the API version and when creating and deleting a session key, the session

key is required for all operations and is passed in an HTTP header with the name

X-HP3PAR-WSAPI-SessionKey

Each session key is associated with the IP address of the client that originally requested it, and

subsequent use is restricted to requests from that same IP address. An example of creating a session

key using cURL (a command-line utility available for most Linux distributions) is as follows:

Enter the following (in a single command line):

curl -k -H "Accept:application/json" -H

"Content-Type:application/json" --data-binary

'{"user":"example","password":"example"}' https://

<storage

system>

:8080/api/v1/credentials

The system returns the HTTP code

201 Created

, the URI of the newly created session key

in the location portion of the HTTP header, and a message body with the JSON object; see

Table 4 (page 15)

Example

HTTP/1.1 201 Created

Date: Thu, 28 Jul 2011 00:00:38 GMT

Server: hp3par-wsapi

Cache-Control: no-cache

Pragma: no-cache

Content-Type: application/json

Location: /api/v1/credentials/48A70B8A8301C458037E0821

Connection: close

{"key":"48A70B8A8301C458037E0821"}

Table 4 Message Body JSON Objects for Session Key Creation

Description

JSON Type

Member

The session key.

string

key

Using a Session Key

Except for creating and deleting a session key, the session key is required for all operations. The

key is passed in an HTTP header with the following name:

X-HP3PAR-WSAPI-SessionKey

Example using the cURL command line utility

curl -s

–

H "X-HP3PAR-WSAPI-SessionKey: 48A70B8A8301C458037E0821" \

http://InServ1:8008/api/v1/volumes

The resulting HTTP request appears as follows:

GET /api/v1/volumes HTTP/1.1

User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3

OpenSSL/0.9.8ozlib/1.2.3.4 libidn/1.18

System Access

HP 3PAR StoreServ 7450 4-node HP 3PAR Web Service API 1.2 Developer&#039;s - Page 15

About Session Key Security, Creating a Session Key, Example

Page 15 highlights

HP 3PAR StoreServ 7450 4-node HP 3PAR Web Service API 1.2 Developer's - Page 15