Currently, the following controls for API security functions within NX-API REST are supported and provided by Cisco:

• REST API password-based authentication uses a special subset of request URIs, including aaaLogin, aaaLogout,and aaaRefresh as the DN targets of a POST operation.
• Data payloads are formatted in XML or JSON, and contain the MO representation of an aaaUser object with attributes defining the username and password.
• The response to the POST operation will contain an authentication token as both a Set-Cookie header and an attribute to the aaaLogin object in the response.
• Subsequent operations on the REST API can use this cookie to authenticate future requests.