- Cisco HyperFlex Systems
- REST API Getting Started Guide
- REST API Reference
- HXCLI Reference
- Cisco UCS Programmabilty
- Cisco UCS Manager
- Cisco UCS Director
- Community and Support
Authentication
To use the HyperFlex REST APIs, you must first authenticate an API client and obtain a valid access token. To authenticate and obtain a valid access token, and to manage the life-cycle of access tokens (refresh, validate and revoke), use the APIs provided in the Authentication, Authorization and Accounting APIs section of the HyperFlex REST API Explorer.
To authenticate and obtain a new access token, use the /auth POST method API under the Obtain Access Token sub-category.
Note:
HyperFlex Authentication, Authorization and Accounting (AAA) is based on OAuth 2.0 which is an open standard for access delegation. OAuth is versatile and supports many authorization workflows, some of which are not implemented within HyperFlex AAA today. The username and password parameters within the body are not hardcoded and must be provided to obtain an access token.
The body of the /auth POST method should look similar to the following:
| Parameters | Description |
|---|---|
| Username | enter_your_username |
| Password | enter_your_password |
After the API is submitted, you should get a response similar to the following:
Note:
The token_type value obtained from AAA is type Bearer.
The access_token value is used to authorize the user for any and all subsequent API operations. It must be provided as the Authorization parameter for the API calls.
REST API Explorer – Authentication
REST API Explorer is a GUI tool which provides documentation for REST APIs and allows users to invoke REST APIs on a live system using the Try it out! button. This section covers how the user is authenticated while invoking REST APIs. As the Authentication, Authorization and Accounting (AAA) APIs deal with authentication, this section does not apply to AAA APIs.
Users can either adopt Token-based authentication or Basic authentication to get authenticated before gaining access to resources in system.
- If the user adopts the Token-based authentication approach, the user must first obtain an Access Token using the /aaa/v1/auth API provided by AAA APIs. The token thus obtained should be prepended with “Bearer “ and supplied in the Authorization field while invoking the API. Both local users and domain users can use this mechanism for authentication.
- If the user adopts the Basic authentication approach, the user must leave the Authorization field empty. When a HX user clicks the Try it out! button in REST Explorer, the user will get a login prompt to provide credentials. Only local users can use this mechanism for authentication.