
PowerScale OneFS API Reference


Implement CSRF authentication

Obtain a CSRF token to submit with each OneFS API request.

Steps

  1. Send an authentication request with credentials to the OneFS session API (/session/1/session).
     $ curl -vk https://00.0.0.0:8080/session/1/session -X POST \
            -H 'Content-Type: application/json' \
            -d '{ "username": "testuser",
                  "password": "A_Pa$$word",
                  "services": ["platform"]
                }'

    The server validates supplied credentials and performs global API authorization checks. If client identity is confirmed and authorization checks pass, the server responds with two tokens: a session token (isisessid) and an anti-CSRF token (isicsrf). Save both tokens and submit them on subsequent API requests to pass authentication checks. If authentication fails, then an appropriate HTTP error code is returned.

    Response:

    HTTP/1.1 201 Created
    Date: Thu, 25 Jan 2020 22:34:20 GMT
    Server: Apache/2.2.34 (FreeBSD) mod_ssl/2.2.34 OpenSSL/1.0.2k-fips mod_fastcgi/2.4.6
    Set-Cookie: isisessid=924bb64a-cffd-4d98-9ccc-6703fabc3210; path=/; HttpOnly; Secure; SameSite=strict
    Set-Cookie: isicsrf=8c5da1e4-5508-4609-9978-4a6d283e4c3a; path=/; Secure
    Content-Length: 96
    Content-Type: application/json

    {"services":["platform"],"timeout_absolute":14400,"timeout_inactive":900,"username":"testuser"}
  2. For authenticated requests to the OneFS platform API, the client sends its OneFS session cookie (isisessid). To pass CSRF request validation, the client also sends the value of the CSRF token cookie (isicsrf) obtained at initial authentication in a special header (X-CSRF-Token). Also send a populated Referer header matching the connecting host.
     $ curl -vk https://00.0.0.0:8080/platform/14/auth/id \
            -b 'isisessid=924bb64a-cffd-4d98-9ccc-6703fabc3210' \
            -H 'X-CSRF-Token: 8c5da1e4-5508-4609-9978-4a6d283e4c3a' \
            --referer https://00.0.0.0:8080

    Response:

    HTTP/1.1 200 Ok
    Date: Wed, 17 Nov 2021 13:48:28 GMT
    Server: Apache
    Allow: GET, HEAD
    X-Frame-Options: sameorigin
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000;
    Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-eval'; style-src 'unsafe-inline' 'self';
    Transfer-Encoding: chunked
    Content-Type: application/json

    {
      "ntoken": {
        "additional_id": [
          { "id": "SID:S-1-5-11" },
          { "id": "GID:5" }
        ],
        "gid": { "id": "GID:0" },
        "group_sid": { "id": "SID:S-1-22-2-0" },
        "ifs_restricted": false,
        "local_address": "10.224.36.234",
        "on_disk_group_id": { "id": "GID:0" },
        "on_disk_user_id": { "id": "UID:0" },
        "privilege": [
          {
            "id": "ISI_PRIV_LOGIN_CONSOLE",
            "name": "Console",
            "permission": "r"
          }
        ],
        "protocol": 10,
        "remote_address": "10.91.79.227",
        "uid": { "id": "UID:0" },
        "user_sid": { "id": "SID:S-1-22-1-0" },
        "zid": 1,
        "zone_id": "System"
      }
    }
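
The two steps above in Python, using only the standard library. This is an added example, not code from the OneFS documentation: the function names are hypothetical, and the sample cookie values are the ones from the login response shown in step 1. Unlike the curl commands, which pass -k, it keeps TLS certificate verification on unless the caller supplies an ssl context.

```python
# Added example, not Dell's code: steps 1 and 2 with the Python standard library.
import json
import urllib.request

# Set-Cookie values copied from the sample login response on this page.
SAMPLE_SET_COOKIE = [
    "isisessid=924bb64a-cffd-4d98-9ccc-6703fabc3210; path=/; HttpOnly; Secure; SameSite=strict",
    "isicsrf=8c5da1e4-5508-4609-9978-4a6d283e4c3a; path=/; Secure",
]

def tokens_from_set_cookie(values):
    """Return (isisessid, isicsrf) from a list of Set-Cookie header values."""
    found = {}
    for value in values:
        name, _, rest = value.partition("=")
        found[name.strip()] = rest.split(";", 1)[0].strip()  # drop attributes
    missing = [n for n in ("isisessid", "isicsrf") if not found.get(n)]
    if missing:
        raise ValueError("login response lacks cookie(s): " + ", ".join(missing))
    return found["isisessid"], found["isicsrf"]

def auth_headers(base_url, isisessid, isicsrf):
    """Headers for step 2: session cookie, CSRF token header, matching Referer."""
    return {
        "Cookie": "isisessid=" + isisessid,
        "X-CSRF-Token": isicsrf,   # value of the isicsrf cookie
        "Referer": base_url,       # must match the host being connected to
    }

def login(base_url, username, password, context=None):
    """Step 1: POST credentials; context=None keeps default TLS verification."""
    body = json.dumps({"username": username, "password": password,
                       "services": ["platform"]}).encode()
    req = urllib.request.Request(base_url + "/session/1/session", data=body,
                                 method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=context) as resp:
        return tokens_from_set_cookie(resp.headers.get_all("Set-Cookie") or [])

def get_json(base_url, path, isisessid, isicsrf, context=None):
    """Step 2: authenticated GET, e.g. path='/platform/14/auth/id'."""
    req = urllib.request.Request(
        base_url + path, headers=auth_headers(base_url, isisessid, isicsrf))
    with urllib.request.urlopen(req, context=context) as resp:
        return json.load(resp)
```

For a cluster whose certificate is signed by a private CA, pass `context=ssl.create_default_context(cafile=...)` to `login` and `get_json`.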
    
