Security and authentication

Ops Center Analyzer REST API Reference Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99ANA003-18

User authentication is required in order to send an API request and receive the response. Ops Center Analyzer API functions use Basic authentication (Basic Access Authentication) and authentication by using the HSSO token or the Bearer token. Note that APIs that access RAID Agent can only use Basic authentication.

The HSSO token or the Bearer token is necessary for Single Sign-On. The HSSO token times out after 1,000 seconds. The Bearer token times out after 300 seconds.

In the request header, specify the authentication information to be used for user authentication.

Basic authentication requires you to specify the authentication header indicating "Basic" (authentication method) followed by a string consisting of the user name and password separated by a colon (ASCII: 0x3A), encoded with Base64 (referred to as "basic token").

Example for basic authentication:
Authorization: Basic△c3lzdGVtOm1hbmFnZXI=

Legend: △: Single-byte space

The HSSO token authentication requires you to specify the authorization header indicating "HSSO" (authentication method) followed by an HSSO token.

Example for authentication using the HSSO token:
Authorization:HSSO△32bd25936120d68dceabcb49493079f8ef82a4_V0300

Legend: △: Single-byte space

The APIs use Bearer token with OpenID connect authentication when it works with the Hitachi Ops Center Common Services.

Example for authentication using the Bearer token:
Authorization:Bearer△bearer_token

Legend: △: Single-byte space

For unauthorized requests, Ops Center Analyzer servers return status code "401".

Note:
If you use Basic authentication or authentication using the HSSO token to connect to the Ops Center Analyzer server, WWW-Authenticate: HSSO hsso token is returned in the response header. If you want to reconnect with the Ops Center Analyzer server by using the same session to run an API function, specify the request header as follows:
Authorization:HSSO△hsso_token

Legend: △: Single-byte space

Ops Center Analyzer servers return the status code "401" for unauthorized requests, and request user authentication.