User authentication

REST API Reference Guide for Virtual Storage Platform 5000, Virtual Storage Platform E Series, and Virtual Storage Platform G/F Series

Version: 93-07-0x, 90-09-0x, 88-08-10
Part Number: MK-98RD9014-17

User authentication is required to operate the storage system. To run any REST API request, you must specify the Authorization header to perform user authentication.

In the REST API, user authentication is session-based. A session is always generated first, when a REST API client accesses the REST API server and starts an operation. The request that generates a session is authenticated with the user ID and password used to access the storage system. After a session is created, specify the session information in the Authorization header so that requests are authenticated based on the session information.

Note:
  • For REST API user authentication, use a user account registered in the storage system, or use a user account managed by the external authentication servers or approved external servers that are connected to the storage system.

    User accounts of other products, such as Hitachi Command Suite products, and user accounts managed by external authentication servers or approved external servers that are connected to other products, cannot be used for REST API user authentication.

  • To perform REST API user authentication when the storage system and other products, such as Hitachi Command Suite products, are connected to the same external authentication server or approved external server, create a user account other than the one used by the other products. In such cases, create a user account that meets the following conditions:

    • If you are creating a user account for external authentication, do not register this account in the Hitachi Command Suite products.

    • If you are creating a user account for approved external authentication, do not register the approved external group in the Hitachi Command Suite products.

Selecting the appropriate user authentication method

When using the REST API, use the authorization method that matches the operation, as shown below.

  • For session generation: Authorization is based on the user ID and password.
  • For operations other than the above: Authorization is based on the session.

The following provides an overview of authentication based on the operation of the REST API.

Authentication by the user ID and password

When you create a session, specify authentication information in the following format in the Authorization header:

Authorization: Basic authentication-information
authentication-information
Specify a base64-encoded character string in which the user ID and password are concatenated with a colon (:). Use the user ID and password of a user account that can perform operations on storage system resources.

When using the REST API, you can use the following characters for the user ID and password.

Item: User ID
Number of characters: 1 to 63 characters
Specifiable characters: You can use the following characters.
  • Alphanumeric characters
  • The following symbols:

    ! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~

Item: Password
Number of characters: 6 to 63 characters
Specifiable characters: You can use the following characters.
  • Alphanumeric characters
  • ASCII symbols which can be keyed in except space:

    ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

The following is an example of the Authorization header where the user ID is sample-user, and the password is sample-password:

Authorization: Basic c2FtcGxlLXVzZXI6c2FtcGxlLXBhc3N3b3Jk

Authentication by sessions

Specify the token for the session in the following format in the Authorization header:

Authorization: Session token
token
A token is authentication information that is returned after a session is created. This information is used to determine whether the request was issued from an authorized user.

Example of the Authorization header:

Authorization: Session 550e8400-e29b-41d4-a716-446655440000
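
The two Authorization formats described on this page, as an added Python example (not code from the product documentation): it applies the documented length and character rules, builds the Basic value, and decodes it again to show that base64 is a reversible encoding, so the header must be protected like the password itself. The function names and the redact helper are assumptions made for illustration.

```python
import base64
import re

# Character rules copied from the table on this page.
USER_ID_SYMBOLS = "!#$%&'*+-./=?@^_`{|}~"
USER_ID_RE = re.compile(r"[A-Za-z0-9" + re.escape(USER_ID_SYMBOLS) + r"]{1,63}")
# Password: alphanumerics plus every ASCII symbol except space,
# which is exactly the code point range 0x21-0x7E.
PASSWORD_RE = re.compile(r"[\x21-\x7e]{6,63}")


def basic_header(user_id: str, password: str) -> str:
    """Build the Authorization value for the session-creation request."""
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError("user ID violates the documented length/character rules")
    if not PASSWORD_RE.fullmatch(password):
        raise ValueError("password violates the documented length/character rules")
    raw = f"{user_id}:{password}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header: str) -> tuple:
    """Recover (user ID, password) from a Basic value: base64 is not encryption."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization value")
    decoded = base64.b64decode(blob, validate=True).decode("ascii")
    # A user ID cannot contain ':' but a password can, so split on the first colon.
    user_id, _, password = decoded.partition(":")
    return user_id, password


def session_header(token: str) -> str:
    """Build the Authorization value used once the session exists."""
    return f"Session {token}"


def redact(header: str) -> str:
    """Log-safe form: keep the scheme, drop the credential or token."""
    return header.partition(" ")[0] + " <redacted>"
```
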