Skip to main content

We've Moved!

Product Documentation has moved to
Hitachi Vantara Knowledge

Authenticating with the REST API server

Credentials can be either a user/password combination or an API Key. Access via API Key is the preferred method, and keys can be generated as follows:


  1. Log in to the HNAS CLI as an administrative user.

  2. Create a new API key with the apikey-create command. API keys are created with full access to all APIs by default.

    m1-merc-metro:$ apikey-create "nicktest"
    Please make a note of this new API Key, as it is not possible to display the full key again.
    Only the prefix and description can be displayed in the future.
    New key:  xIAdbgTNVP.Nj2TOgxiOYgpTu2kjzEGS4QmIJIeLmF3aXKg6FhY9vC

    It is user’s responsibility to store this created key to be used in all API requests. There is no way to recover the API key if it is lost except to create a new one.

  3. To list, enable/disable or delete an API key, use the apikey-list, apikey-update, and apikey-delete commands. API keys can be restricted to read-only using the apikey-update command.

  4. Subsequently, you can use the created API key to replace user password authentication.

    For example, suppose your API key is “QA3RIPLHbk.B6.pfg8YCeeK07BhTy3UC48VlJ8teTg28nNvMWEHl77”. Then, you can use a custom HTTP header “X-Api-Key: QA3RIPLHbk.B6.pfg8YCeeK07BhTy3UC48VlJ8teTg28nNvMWEHl77” in your request for authentication. The API key is the recommended authentication method because it provides better security by enforcing authentication for each request. See more details at Required custom HTTP headers.


    Traditional user/password authentication is still supported for backward compatibility purposes. Create a new user name User1 with the password Password through the following CLI command:

    user add User1 Password SUPERVISOR

    To restrict any new users to read-only access, create them at "USER" level instead of "SUPERVISOR". This is only possible on HNAS systems and not VSP Unified systems.

    A user cannot be deleted unless and until all valid login sessions associated with that user have ended. The typical idle timeout session time is about 30 minutes.


  • Was this article helpful?