About Session Key Security; Creating A Session Key; Using A Session Key; Message Body Json Objects For Session Key Creation - HP 3PAR StoreServ 7200 2-node Manual

Hp 3par web service api 1.2 developer's guide (qr482-96192, june 2013)

Hide thumbs Also See for 3PAR StoreServ 7200 2-node:

Administrator's manual (204 pages)

Manual (95 pages)

Service manual (66 pages)

Table Of Contents

100

101

102

103

104

105

106

107

page of 107

/ 107
Contents
Table of Contents
Bookmarks

Table of Contents

About Session Key Security

Because session keys allow access to the storage server, client applications should not display

session keys or otherwise make them visible to end users. Revealing a session key is similar to

revealing a password in that an unauthorized person who obtains a session key can use it to

access the storage server until the key is deleted.

Creating a Session Key

Except when querying the API version and when creating and deleting a session key, the session

key is required for all operations and is passed in an HTTP header with the name

X-HP3PAR-WSAPI-SessionKey.

Each session key is associated with the IP address of the client that originally requested it, and

subsequent use is restricted to requests from that same IP address. An example of creating a session

key using cURL (a command-line utility available for most Linux distributions) is as follows:

Enter the following (in a single command line):

curl -k -H "Accept:application/json" -H

"Content-Type:application/json" --data-binary

'{"user":"example","password":"example"}' https://<storage

system>:8080/api/v1/credentials

The system returns the HTTP code 201 Created, the URI of the newly created session key

in the location portion of the HTTP header, and a message body with the JSON object; see

Table 4 (page

Example

HTTP/1.1 201 Created

Date: Thu, 28 Jul 2011 00:00:38 GMT

Server: hp3par-wsapi

Cache-Control: no-cache

Pragma: no-cache

Content-Type: application/json

Location: /api/v1/credentials/48A70B8A8301C458037E0821

Connection: close

{"key":"48A70B8A8301C458037E0821"}

Table 4 Message Body JSON Objects for Session Key Creation

Member

key

Using a Session Key

Except for creating and deleting a session key, the session key is required for all operations. The

key is passed in an HTTP header with the following name:

X-HP3PAR-WSAPI-SessionKey

Example using the cURL command line utility

curl -s

H "X-HP3PAR-WSAPI-SessionKey: 48A70B8A8301C458037E0821" \

http://InServ1:8008/api/v1/volumes

The resulting HTTP request appears as follows:

GET /api/v1/volumes HTTP/1.1

User-Agent: curl/7.21.3 (i686-pc-linux-gnu) libcurl/7.21.3

OpenSSL/0.9.8ozlib/1.2.3.4 libidn/1.18

15).

JSON Type

string

Description

The session key.

System Access

Table of Contents

Show Quick Links

Quick Links:
Introduction

Hide quick links:

Table of Contents

This manual is also suitable for:

3par storeserv 7400 2-node 3par storeserv 7400 4-node 3par storeserv 7450 2-node 3par storeserv 10000

About Session Key Security; Creating A Session Key; Using A Session Key; Message Body Json Objects For Session Key Creation - HP 3PAR StoreServ 7200 2-node Manual

About Session Key Security

Creating a Session Key

Using a Session Key

Hide quick links:

Related Manuals for HP 3PAR StoreServ 7200 2-node

Related Content for HP 3PAR StoreServ 7200 2-node

This manual is also suitable for:

Table of Contents