Are you certain the system is running Avamar 7.5.1?

Assuming the system is 7.5.1, the REST API compatible with this release is a separate, installable component. This component is only available by RPQ. I should also note that the older "Concerto" API is no longer being actively developed, so I would strongly recommend any new apps be written for the 18.2 API.

Thanks, ionthegeek

I'm rather certain that it's running a 7.5.1 :)

So I found that the following the 18.2 documentation worked for me 

have a look at this 

admin@BK-REDACTED:~/>: gsan --version
version: 7.5.1-101
build date: Dec 15 2017 08:40:56
msg format: 13-10
SSL: TLSv1 OpenSSL 1.0.2l-fips 25 May 2017
Zlib: 1.2.3
LZO: 1.08 Jul 12 2002
platform: Linux
OS version: SLES-64
Processor: x86_64
admin@BK-REDACTED:~/>: mcserver.sh --version
version: 7.5.1-101_HF302282
PostgreSQL version: postgres (PostgreSQL) 9.4.13
db schema version: 7.5.1.22
views schema version: 7.5.0.5
admin@BK-REDACTED:~/>: {

admin@BK-REDACTED:~/>: curl -k -vvv -X POST -u MCUser:XXXXXXXXXXXXXXXX -H "Content-Type: application/json" --data @Body.json https://localhost/api/v1/oauth2/clients
* Hostname was NOT found in DNS cache
* Trying ::1...
* Connected to localhost (::1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=California; L=Irvine; O=Dell Technologies; OU=Dell EMC; CN=BK-REDACTED.xxxx.local; emailAddress=root
* start date: 2017-04-21 09:50:02 GMT
* expire date: 2022-04-20 09:50:02 GMT
* issuer: C=US; ST=California; L=Irvine; O=Dell Technologies; OU=Dell EMC; CN=BK-REDACTED.xxxx.local; emailAddress=root
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'MCUser'
> POST /api/v1/oauth2/clients HTTP/1.1
> Authorization: Basic TUNVc2VyOldpbGwtQkUtNTU1ODg4
> User-Agent: curl/7.37.0
> Host: localhost
> Accept: */*
> Content-Type: application/json
> Content-Length: 369
>
* upload completely sent off: 369 out of 369 bytes
< HTTP/1.1 200 OK
< Date: Tue, 04 Jun 2019 07:41:15 GMT
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: SAMEORIGIN
< X-Application-Context: Kylin:production:9000
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
{
"clientName" : "toto.rh.REDACTED.local",
"clientId" : "efe2cf51-5aea-466b-9c99-bcdbb48248f0",
"clientSecret" : "Gl5DfnQyxBHBDrAvjwjQun7b+raM3gL2KJiRa1LewlvEdHTvvMtYfdr5xQxE5lZ7criVg5aq/UZUPNpDZg9Pw",
"redirectUris" : [ "https://my-app-server/callback" ],
"scopes" : [ "read", "write" ],
"autoApproveScopes" : [ "all" ],
"authorizedGrantTypes" : [ "password" ],
"accessTokenValiditySeconds" : 1800,
"refreshTokenValiditySeconds" : 43200
* Connection #0 to host localhost left intact
}admin@BK-REDACTED:~/>:

This is why I got really confused, I knew back then Avamar REST API was only installable as stand alone appliance or on BRM with PS engagement but it look like from 7.5.1 it is like in 18.1/18.2 Rest API is shipped with MCS.

We have upgrade to 18.2 planned within the month but I found this to be weird to have the documentation of 18.2 working for 7.5.1.

as you can see this is a call to get the client registered to obtain an Oauth2 token and this is referenced in 18.2 and not in 7.5.1 REST API documentation which refers to the old API.

In that old API the session was open via the URL: https://RESTAPISERVER:8543/rest-api/login

If i do a Curl

admin@BK-REDACTED:~/>: curl -k -vvv -X POST -u MCUser:xxxxxxxxxx -H "Content-Type: application/json" --data @Body.json https://localhost:8543/rest-api/login
* Hostname was NOT found in DNS cache
* Trying ::1...
* Connected to localhost (::1) port 8543 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=California; L=Irvine; O=Dell Technologies; OU=Dell EMC; CN=BK-REDACTED.xxxxx.local
* start date: 2017-04-21 09:41:01 GMT
* expire date: 2022-04-20 09:41:01 GMT
* issuer: C=US; ST=California; L=Irvine; O=Dell Technologies; OU=Dell EMC; CN=BK-REDACTED.xxxxx.local
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'MCUser'
> POST /rest-api/login HTTP/1.1
> Authorization: Basic TUNVc2VyOldpbGwtQkUtNTU1ODg4
> User-Agent: curl/7.37.0
> Host: localhost:8543
> Accept: */*
> Content-Type: application/json
> Content-Length: 369
>
* upload completely sent off: 369 out of 369 bytes
< HTTP/1.1 404
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 1092
< Date: Tue, 04 Jun 2019 08:00:18 GMT
< Connection: close
* Server Avamar is not blacklisted
< Server: Avamar
<

HTTP Status 404 – Not Found

Type Status Report

Message /rest-api/login

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exist* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
s.

Apache Tomcat/8.5.34

For the moment i'm still at the dev part preparing my API call's so change of API will not be too much of an issue.

and the swagger is very usefull.

Would be cool if this post would get a bit of a refresh though :)

https://community.emc.com/blogs/LGTOman

I lost quite sometime following wrong track :p

I am running Avamar 18.2 and am looking to authenticate against the REST-API. 

The part I can't seem to get right is the body. In the manual it references "CLIENT_ID", "CLIENT_NAME" and "PASSWORD", but it does not explain how to go about identifying those values.  Are you able to explain what they mean?  Is the Body an input to or an output from the authentication call?

The clientId, clientName, and clientSecret fields are part of the OAuth 2 specification. The instructions on page 15 of the 18.2 REST API Getting Started Guide are a walkthrough for creating the client record.

https://support.emc.com/docu92032_Avamar-18.2-REST-API-Getting-Started-Guide.pdf?language=en_US

The clientId, clientName, and clientSecret should be supplied by you. The OAuth website has more information on what these values are and what they are used for but essentially these values are used to register and identify the "app" that is making the REST API calls.

https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/

The body is the body of the HTTP request being sent to the server. This is typically in JSON format when making REST API calls.

An HTTP request that sends a JSON body looks something like this:

POST /actions/login
Content-Type: application/json
X-Other-Header: Value

{
  "Key": "Value",
  "Key": "Value"
}

The body of this request is everything after the newline at the end of the headers (i.e. the {} and everything in between). On page 15 of the Avamar 18.2 Getting Started guide, it shows a more complete example of a POST body.