EDIT: Solved - code appended below to work correctly. It was related to cookies not being passed along.

I am trying to pull primarily help desk data out of the K1000, but also device inventory information. I've written a PowerShell script that successfully authenticates, retrieves a CSRF token, and updates my subsequent request headers with that token value, but I still get a 'HTTP 401 access denied' when I try any actual API query.

I have tried setting 'x-dell-api-version' from values of 1-7 with no success.

Here is the PowerShell code I have:

# Login payload (password sanitized for posting)
$body = @{
    'password'         = "MYPASSWORD"
    'userName'         = "admin"
    'organizationName' = 'Default'
} | ConvertTo-Json

$Uri = 'https://MYKBOX/ams/shared/api/security/login'

# Session object that holds the cookies set by the login response
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
$headers.Add('x-dell-api-version','5')

# Authenticate; cookies are stored in $session
$Request = Invoke-WebRequest -Uri $Uri -Headers $headers -Body $body -Method Post -WebSession $session

# Copy the CSRF token from the login response into the headers for later requests
$CSRFToken = $Request.Headers.'x-dell-csrf-token'
$headers.Add("x-dell-csrf-token","$CSRFToken")

$APIUrl = 'https://MYKBOX/api/scripting/'

# Reuse the same session so the login cookies are sent with the API query
$rifle = Invoke-RestMethod -Uri $APIUrl -Headers $headers -Method GET -WebSession $session
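
The same fix written as a reusable function, as an added example that is not the poster's code: it prompts for the credential instead of embedding it, and fails at login if either the CSRF token or the session cookies are missing, which is the condition that produced the 401 here. `Connect-K1000` and `$kbox` are hypothetical names; the URLs and header names are the ones used in this thread.

```powershell
function Connect-K1000 {
    param(
        [Parameter(Mandatory)] [string] $Server,            # appliance host name, e.g. 'MYKBOX'
        [Parameter(Mandatory)] [pscredential] $Credential,  # from Get-Credential, not a literal
        [string] $Organization = 'Default',
        [string] $ApiVersion   = '5'
    )

    $loginUri = "https://$Server/ams/shared/api/security/login"
    $body = @{
        userName         = $Credential.UserName
        password         = $Credential.GetNetworkCredential().Password
        organizationName = $Organization
    } | ConvertTo-Json

    $headers = @{ 'Accept' = 'application/json'; 'x-dell-api-version' = $ApiVersion }

    # -SessionVariable creates the WebRequestSession and fills its cookie jar
    $resp = Invoke-WebRequest -Uri $loginUri -Method Post -Body $body `
        -ContentType 'application/json' -Headers $headers `
        -UseBasicParsing -SessionVariable session

    # Header values are a string in Windows PowerShell 5.1 and a string[] in PowerShell 7
    $token = [string]($resp.Headers['x-dell-csrf-token'] | Select-Object -First 1)
    if (-not $token) {
        throw 'Login response carried no x-dell-csrf-token header.'
    }

    # Without these cookies the API answers 401 even when the CSRF token is correct
    $cookies = $session.Cookies.GetCookies([uri]$loginUri)
    if ($cookies.Count -eq 0) {
        throw 'Login set no cookies; later API calls would be rejected.'
    }

    # Store the headers on the session so every later call sends them with the cookies
    $session.Headers['Accept']             = 'application/json'
    $session.Headers['x-dell-api-version'] = $ApiVersion
    $session.Headers['x-dell-csrf-token']  = $token
    return $session
}

# Usage: one login, then reuse the returned session for every query
$kbox     = Connect-K1000 -Server 'MYKBOX' -Credential (Get-Credential)
$machines = Invoke-RestMethod -Uri 'https://MYKBOX/api/inventory/machines' -WebSession $kbox
```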


Comments

  • I have been using Postman to test my API queries and this request works for me. Are you actually using the admin user for your requests, or did you just put it there for this post? I have found that I need to login with my LDAP username and password for the API to work properly (but maybe you aren't using LDAP authentication).
    Can you load /api/inventory/machines ?
    • I did sanitize this particular password for the purposes of putting it online. I have tried using both the built-in administrator and an LDAP user with full admin rights and got the same reply. Is there something in the case box I need to enable to begin running API queries successfully?
  • I'm not sure how PowerShell handles requests, but in my authentication request I have commas separating the fields:
    {
    "password" : "{{password}}",
    "userName" : "{{userName}}",
    "organizationName" : "Default"
    }

    Have you tried outputting the x-dell-csrf-token header after authentication to verify that it was returned correctly?
    • I have, yes. PowerShell actually converts the hashtable to JSON format with the ConvertTo-Json cmdlet, and I did verify it returns the correct format in the $body variable.
    • So I figured it out. It was related to cookies. I needed to instantiate a new websession in my initial request and invoke that same session on subsequent requests.

      Essentially I added

      $session = new-object microsoft.powershell.commands.webrequestsession


      to my initial API authentication $request and added the -WebSession $session to it, then later on in my API call, I reused it with -WebSession $session again in the Invoke-RestMethod.

      So essentially it was how the API needed to keep the cookies across both requests.

      Thanks!!
  • Can this trigger scripted installs?

There are no answers at this time

Answers
