KACE -> Utilizing /api/assets/asset Endpoint

I am trying to connect to the KACE API to pull asset data. I am able to successfully authenticate but when I try to make a query to /api/assets/asset I am getting a 401 error with this body:

{"errorCode":-1,"errorDescription":"No Current Organization Selected"}

I have tried changing the dell-api-version (0 through 4 report "Not logged in", 5 through 10 state No Current Organization Selected).
I have tried sending the organizationName in the second query.

My code is:

<?php require './vendor/autoload.php';
$client = new GuzzleHttp\Client([ 'verify' => false ]);
$jar = new \GuzzleHttp\Cookie\CookieJar;
= $client->request('GET',"https://url/ams/shared/api/security/login", [ 'json' => ['userName' => 'redacted', 'password' => 'redacted', 'organizationName' => 'Default', ], 'headers' => ['Content-Type' => 'application/json', 'Accept' => 'application/json', 'x-dell-api-version' => '1'], 'cookies' => $jar ]);

= "";
foreach($jar->toArray() as $data){
if(preg_match('/KACE_CSRF_TOKEN/i', $data['Name'])) $kace = $data['Value'];

$qurl = 'https://url/api/asset/assets';
$res = $client->request('GET',$qurl, [ 'headers' => [ 'Content-Type' => 'application/json', 'Accept' => 'application/json', 'x-dell-api-version' => '5', 'x-dell-csrf-token' => $kace ], 'cookies' => $jar ]);

= $res->getBody();
echo $body;?>

5 Comments   [ + ] Show comments
  • When I switch to $res->getHeaderLine('X-DELL-CSRF-TOKEN') I get the error {"errorCode":-1,"errorDescription":"Invalid CSRF Token"}.

    When I print the $res->getHeaderLine('X-DELL-CSRF-TOKEN') there is no value. This is why I switched to looking through each of the cookies for the KACE CSRF and pulling that value as the token.

    When I try to POST to the security login I get a 500 error (no route found). - dale-muted 2 years ago
  • The code I posted ran on the latest version of SMA and displayed the Assets that existed. - KevinG 2 years ago
  • The server I am running against is 10.2.234 and the Agent is 10.2.108. - dale-muted 2 years ago
  • The code I posted will work if you replace the IP with your IP or hostname. - KevinG 2 years ago
  • Unfortunately it doesn't. I replaced the IP with my hostname, the username and password with mine, and the response I get is invalid CSRF token.

    When I output the $res->getHeaderLine('X-DELL-CSRF-TOKEN') it is blank. - dale-muted 2 years ago

Answers (1)

Posted by: KevinG 2 years ago
Red Belt

Change your code to look for the header 'X-DELL-CSRF-TOKEN'

See working example below, also you can replace the" foreach" code with the following.

$kace = $res->getHeaderLine('X-DELL-CSRF-TOKEN');


require './vendor/autoload.php';

$client = new GuzzleHttp\Client();
$jar = new \GuzzleHttp\Cookie\CookieJar;

 $res = $client->request('POST','', [
                            'json'    => ['userName' => 'admin',
                                          'password' => 'password',
                                          'organizationName' => 'Default'],
                            'headers' => ['Content-Type' => 'application/json',
                                          'Accept' => 'application/json',
                                          'x-dell-api-version' => '5'],
                            'cookies' => $jar


$token = $res->getHeaderLine('X-DELL-CSRF-TOKEN');

$res = $client->request('GET','', [
                            'headers' => [  'Content-Type' => 'application/json',
                                            'Accept' => 'application/json',
                                            'x-dell-api-version' => '5',
                                            'X-DELL-CSRF-TOKEN' => $token ],
                             'cookies' => $jar


$body = $res->getBody();

echo $body;

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ