Using Restful APIs

To receive API responses through programming, install Postman or any other Rest API client application(s).

Authentication

You are required to have authentication to access certain resources. Redfish offers two methods for users to access Redfish URLs: “basic authentication” and “Redfish session login authentication.” The Service does not require you to create a session when Basic Authentication is used.

Basic Authentication

HTTP basic authentication uses compliant TLS connections to transport the data between any third-party authentication service and clients. Use local BMC credentials or remote protocols like LDAP, Active Directory, or RADIUS to log in with basic authentication.

Session Management

You can use session management to implement authentication. This includes orphaned session timeouts and several simultaneous open sessions. You can create up to 16 sessions.

Step 1: You can post the following username/password information in the payload field, which will create a new session.

{

"UserName": "<username>",

"Password": "<password>"

}

The user will receive the “201” message code with the X-AUTH token created.

Session lifetime: For Redfish sessions, as long as you send requests for the session within the session timeout period, the session will remain open and the session authentication token will remain valid. If the session times out, the session will be automatically terminated.

According to Redfish specification, a user can define session time from 30 to 86400 seconds. If you are not active in the defined time frame, the token will be rendered invalid. You can always patch the “SessionTimeout” value if needed

Example: [PATCH] https://BMC_IP/redfish/v1/SessionService Payload: {"SessionTimeout": 50}

Session termination or logout: A Redfish session is terminated when you log out. This is accomplished by performing the DELETE method on the session resource identified by the link returned in the location header either when the session is created or if the Session ID is returned in the response data. Using the DELETE method on a session by specifying the session resource ID allows an administrator with sufficient privilege to terminate other users’ sessions from a different session.

Example: [DELETE] https://BMC_IP/redfish/v1/SessionService/Sessions/[num]

->Send->Status Code: 200 OK