Authentication

Password Authentication

Note: The Password Authentication is deprecated and will be removed from VSA as of October 2021.

The GET /auth REST resource responds with a session token to authenticate requests to other resources. The request to GET /auth must include a payload computed according to the following algorithm, Base64 encode it, then add it to the request’s Authorization header with a Basic scheme. The following is an example of an GET /auth request with its generated Base64 payload.

GET /auth
Authorization: Basic
dXNlcj1rYWRtaW4scGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5
YTU3YTkzODY2ZTQxZCxwYXNzMT0wZGMwZmY5YzBkNGVkMDRlODJiYzZmYTk0ZTY3NTQzMjFhMDgyMzc1LHJhbmQyPTk5
NDY1NixycGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5YTU3YTkz
ODY2ZTQxZCxycGFzczE9MGRjMGZmOWMwZDRlZDA0ZTgyYmM2ZmE5NGU2NzU0MzIxYTA4MjM3NSx0d29mYXBhc3M9OnVu
ZGVmaW5lZA==

Auth Payload Algorithm

The following summarizes the algorithm used to generate the GET /auth payload for a given username and password. Italics indicate variable names.

1. Generate a random integer, store in variable called Random.
2. Compute the SHA-256 hash of the admin password, store in RawSHA256Hash.
3. Compute the SHA-256 hash of the concatenated string Password + Username, store in CoveredSHA256HashTemp.
4. Compute the SHA-256 hash of the concatenated string CoveredSHA256HashTemp + Random, store in CoveredSHA256Hash.
5. Compute the SHA-1 hash of the admin password, store in RawSHA1Hash.
6. Compute the SHA-1 hash of the concatenated string Password + Username, store in CoveredSHA1HashTemp.
7. Compute the SHA-1 hash of the concatenated string CoveredSHA1HashTemp + Random, store in CoveredSHA1Hash.
8. Create a comma separated concatenated string with the following strings and variables.
   • “user=” + Username
   • “pass2=” + CoveredSHA256Hash
   • “pass1=” + CoveredSHA1Hash
   • “rpass2=” + RawSHA256Hash
   • “rpass1=” + RawSHA1Hash
   • “rand2=” + Random
9. You should end up with the string:
   • “user={Username},pass2={CoveredSHA256Hash},pass1={CoveredSHA1Hash},rpass2={RawSHA256Hash},rpass1={RawSHA1Hash},rand2={Random}”
10. Base64 encode this string.
11. Use the encoded value in the Authorization header with a Basic scheme.

Personal Token Authentication

The request to GET /auth must include a payload computed according to the following algorithm, Base64 encode it, then add it to the request’s Authorization header with a Basic scheme.

Auth Payload Algorithm

The following algorithm used to generate the GET /auth payload for a user.

1. Create the following string:
   “{username}:{token}”
2. Base64 encode this string.
3. Use the encoded value in the Authorization header with a Basic scheme.