Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Configuring the REST, S3 compatible, HSwift, and WebDAV APIs


With the REST, S3 compatible, and HSwift APIs, users and applications can add, view, and delete objects and modify object metadata through a RESTful API. With the WebDAV API, users and applications can perform these activities through familiar directory structures.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

REST, S3 compatible, HSwift, and WebDav API configuration


You use the HTTP(S) panel to enable and configure the REST, S3 compatible, HSwift, and WebDAV APIs for a namespace. To display this panel, on the left side of the Protocols panel, click on HTTP(S).

Although you use a single panel to enable these protocols, you enable or disable them independently of each other.

NoteWebHelp.png

Note: Before you can enable the S3 compatible API for a namespace, ACLs must be enabled for the namespace. For information on enabling ACLs, see Enabling the use of ACLs.

The top of the HTTP(S) panel shows the URL for access to the namespace through the REST API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

NoteWebHelp.png

Note: Certain countries prohibit the export of encryption technology. HCP systems shipped to restricted countries have the HTTPS option on the namespace protocols page disabled. If you do not see the checkbox to enable HTTPS and you are in a country where SSL encryption is permitted, please contact your HCP system administrator.

The HTTP(S) panel lets you:

Enable the REST API.

Enable the S3 compatible API.

Enable the HSwift API.

Enable the WebDAV API.

Specify whether the REST, S3 compatible, HSwift, and WebDAV APIs require the use of SSL security.

Specify whether the REST, S3 compatible, and HSwift APIs require user authentication for access to the namespace.

If the tenant supports user authentication with Active Directory, specify whether HCP supports AD single sign-on for REST, S3 compatible, and HSwift access to the namespace. This affects the Namespace Browser, HCP Search Console, and other HTTP-based applications that support Integrated Windows authentication.

Specify whether the WebDAV API requires basic authentication for access to the namespace.

If WebDAV basic authentication is enabled, specify the username and password against which HCP authenticates WebDAV access to the namespace.

The username and password you specify for WebDAV basic authentication has no relationship to HCP or AD user accounts.

TipWebHelp.png

Tip: Be sure to give WebDAV users the specified username and password.

Specify whether WebDAV dead properties can be stored as custom metadata. If they can be, they are stored in the annotation named default.

Specify the client IP addresses that have access to the namespace through the REST, S3 compatible, HSwift, and WebDAV APIs.

By default, when a namespace is first created, the REST API is enabled with authentication required. If the HCP system supports the use of SSL for data access, the REST API also requires the use of SSL security by default.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Considerations for the S3 compatible API


These considerations apply to the S3 compatible API:

You can enable the S3 compatible API for a namespace only while ACLs are enabled for the namespace. For information on enabling ACLs, see Enabling the use of ACLs.

For users and applications to be able to perform most bucket-level operations with the S3 compatible API, the HCP management API must be enabled for the tenant. For information on enabling the management API, see Controlling access to HCP through the management API.

For a user or application to be able to create and manage namespaces with the S3 compatible API, the applicable user or group account must have the allow namespace management property enabled. For information on the allow namespace management property, see Managing accounts.

This additional consideration applies when you enable the S3 compatible API for a namespace that was created in an HCP release earlier than 6.0.

After being upgraded from a release earlier than 6.0, HCP generates ETags for objects that were stored before the upgrade. HCP generally does this over time. However, in response to an S3 compatible request to retrieve an object that does not yet have an ETag, HCP immediately generates the ETag before returning the object. This can be time consuming for large objects, with the result that HCP may be slow to respond to the first GET request for such an object. If you are concerned about this issue, please contact your HCP system administrator before enabling the S3 compatible API for the namespace.

NoteWebHelp.png

Note: An ETag is an identifier for the content of the object. As of release 6.0, HCP generates ETags for objects at the time they are stored.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Enabling REST, S3 compatible, HSwift, and WebDAV access to a namespace


The HTTP(S) panel has two sections for enabling and configuring the REST, S3 compatible, HSwift, and WebDAV APIs.

Settings section

To enable the REST, S3 compatible, HSwift, and WebDAV APIs, in the Settings section:

1.Take either or both of these actions:

oTo open the HTTPS port for REST, S3 compatible, HSwift, and WebDAV access to the namespace with SSL security, select Enable HTTPS.

NoteWebHelp.png

Note: Certain countries prohibit the export of encryption technology. HCP systems shipped to restricted countries have the HTTPS option on the namespace protocols page disabled. If you do not see the checkbox to enable HTTPS and you are in a country where SSL encryption is permitted, please contact your HCP system administrator.

oTo open the HTTP port for REST, S3 compatible, HSwift, and WebDAV access to the namespace without SSL security, select Enable HTTP.

These two options are independent of each other. If you select only Enable HTTPS, data sent through the REST, S3 compatible, HSwift, and WebDAV APIs is always secure. If you select both options, users and applications can send both secure and unsecure data through the REST, S3 compatible, HSwift, and WebDAV APIs.

NoteWebHelp.png

Note: To enable access to the namespace through the REST, S3 compatible, HSwift, or WebDAV API, you also need to select Enable REST API, Enable Hitachi API for Amazon S3, Enable HSwift API, or Enable WebDAV API, respectively. Opening the HTTPS and HTTP ports does by itself enable these protocols.

2.To enable the REST API:

a.Select Enable REST API. This option is available only if Enable HTTP or Enable HTTPS is already selected.

Above the Enable REST API option, the panel shows the URL for access to the namespace through the REST API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

b.To specify REST authentication requirements, below the Enable REST API option, select either Authenticated access only or Anonymous and authenticated access. For information on these options, see User authentication.

c.Optionally, select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication. This option appears only if the tenant supports AD for user authentication.

NoteWebHelp.png

Notes: 

The option to enable AD single sign-on for REST is synchronized with the same option for the S3 compatible API. Enabling or disabling either enables of disables the other, respectively.

To help ensure that AD single sign-on is available for those namespaces that need it, enable it only for those namespaces.

After this option is disabled, you can reenable it only while HCP can communicate with AD.

3.To enable the S3 compatible API:

a.Select Enable Hitachi API for Amazon S3. This option is available only if Enable HTTP or Enable HTTPS is already selected.

Above the Enable Hitachi API for Amazon S3 option, the panel shows the URL for access to the namespace through the S3 compatible API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

b.To specify S3 compatible authentication requirements, below the Enable Hitachi API for Amazon S3 option, select either Authenticated access only or Anonymous and authenticated access. For information on these options, see User authentication.

c.Optionally, select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication. This option appears only if the tenant supports AD for user authentication.

4.To enable the HSwift API:

a.Select Enable HSwift API. This option is available only if Enable HTTP or Enable HTTPS is already selected.

Above the Enable HSwift API option, the panel shows the URL for access to the namespace through the HSwift API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

b.To specify HSwift authentication requirements, below the Enable HSwift API option, select either Authenticated access only or Anonymous and authenticated access. For information on these options, see User authentication.

c.Optionally, select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication. This option appears only if the tenant supports AD for user authentication.

5.To enable the WebDAV API:

a.Select Enable WebDAV API. This option is available only if Enable HTTP or Enable HTTPS is already selected.

Above the Enable WebDAV API option, the panel shows the URL for access to the namespace through the WebDAV API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

b.Optionally, to enable WebDAV basic authentication, select Enable WebDAV basic authentication. Then:

In the Username field, type the username to use for basic authentication. Usernames must be from one through 64 characters long and can contain any valid UTF-8 characters but cannot start with an opening square bracket ([). White space is allowed.

Usernames are not case sensitive.

In the Password field, type the password to use for basic authentication. Passwords can be up to 64 characters long, are case sensitive, and can contain any valid UTF-8 characters, including white space. The minimum password length is the same as the minimum password length for HCP user accounts, which is configurable.

To be valid, a password must include at least one character from two of these three groups: alphabetic, numeric, and other.

If you’re modifying settings in the HTTP(S) panel and you leave the Password field empty, the previously set password remains in effect.

In the Confirm Password field, type the password again.

TipWebHelp.png

Tip: Be sure to tell WebDAV users the username and password you specify.

c.Optionally, to enable WebDAV users to store dead properties as custom metadata, select Use custom metadata to store WebDAV properties.

6.Click on Update Settings.

If you selected Enable HTTP and also selected Enable REST API, Enable Hitachi API for Amazon S3, Enable HSwift API, or Enable WebDAV API, a confirming message appears. In response to this message, click on Update Settings.

Allow/Deny section

To set the IP addresses to be allowed or denied access to the namespace through the REST, S3 compatible, HSwift, and WebDAV APIs:

Optionally, in the Allow/Deny section, specify IP addresses to be allowed or denied access to the namespace through the REST, S3 compatible, HSwift, and WebDAV APIs. For instructions on doing this, see Adding and removing entries in Allow and Deny lists.

To specify how HCP should handle IP addresses that appear in both or neither of the Allow and Deny lists, select or deselect Allow request when same IP is used in both lists. Changes to this option take effect immediately.

For the effects of this option, see Allow and Deny list handling.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

 

  • Was this article helpful?