Authentication & Authorization
Authentication
All requests to the Evolved Programmable Network Manager API require user authentication. If no authentication details are provided in the request, the request is redirected to the login page. Authentication details may be passed through the HTTP header of the request. Note that all access to the API are enforced over https.
The API uses basic authentication. The user name is appended with a colon and concatenated with the password and encoded with the Base64 algorithm.
For example, given the user name 'Aladdin' and password 'open sesame', the string 'Aladdin:open sesame' is Base64 encoded, resulting in 'QWxhZGRpbjpvcGVuIHNlc2FtZQ=='.
The Authorization HTTP header is used to pass the value. Below is an example.
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Authorization
For Evolved Programmable Network Manager, access to the API is controlled by three user groups. Each of these groups controls access to a different set of APIs. You can assign a user to multiple groups if you wish. You can check the documentation page of an API resource to determine which user group is required to access it.
| Access Type |
Access Description |
| NBI Read |
Can access the "read only" API resources. These API resource are accessed with GET HTTP method. |
| NBI Write |
Can access APIs that change configuration of devices. These API resources include are accessed with the PUT, POST, and DELETE HTTP methods. |
| NBI Credential |
Can access APIs that return device credentials (such as the Credentials Service group) or other sensitive information. |
The root user and users in the "Super Users" group are treated as being in the NBI Read and NBI Write groups.