Authenticating with the REST API server
The REST API server does not enforce authentication. It forwards credentials to the Hitachi NAS Platform, which enforces authentication.
Credentials can be either a supervisor level user or an API Key. Access via API Key is the preferred method, and keys can be generated as follows:
Procedure
Log in to the HNAS CLI as an administrative user.
Starting from version 7.1.3, an API key can be used as the recommended authentication method that has many advantages over the traditional user/password method. You can create a new API key with the apikey-create command:
m1-merc-metro:$ apikey-create "nicktest" Please make a note of this new API Key, as it is not possible to display the full key again. Only the prefix and description can be displayed in the future. New key: xIAdbgTNVP.Nj2TOgxiOYgpTu2kjzEGS4QmIJIeLmF3aXKg6FhY9vC
NoteIt is user’s responsibility to store this created key to be used in all API requests. There is no way to recover the API key if it is lost except to create a new one.
To list, enable/disable or delete an API key, use the apikey-list, apikey-update, and apikey-delete commands.
Subsequently, you can use the created API key to replace user password authentication.
For example, suppose your API key is
“QA3RIPLHbk.B6.pfg8YCeeK07BhTy3UC48VlJ8teTg28nNvMWEHl77”.Then, you can use a custom HTTP header“X-Api-Key: QA3RIPLHbk.B6.pfg8YCeeK07BhTy3UC48VlJ8teTg28nNvMWEHl77”in your request for authentication. The API key is the recommended authentication method because it provides better security by enforcing authentication for each request. See more details at Required custom HTTP headers.NoteTraditional user/password authentication is still supported for backward compatibility purposes. Create a new user name User1 with the password Password through the following CLI command:
user add User1 Password SUPERVISOR
A user cannot be deleted unless and until all valid login sessions associated with that user have ended. The typical idle timeout session time is about 30 minutes.