Authentication

The GET /auth REST resource responds with a session token that authenticates requests to other resources. The request to GET /auth must carry a payload computed according to the following algorithm, Base64 encoded and placed in the request's Authorization header with a Basic scheme. The following is an example of a GET /auth request with its generated Base64 payload.

GET /auth
Authorization: Basic
dXNlcj1rYWRtaW4scGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5
YTU3YTkzODY2ZTQxZCxwYXNzMT0wZGMwZmY5YzBkNGVkMDRlODJiYzZmYTk0ZTY3NTQzMjFhMDgyMzc1LHJhbmQyPTk5
NDY1NixycGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5YTU3YTkz
ODY2ZTQxZCxycGFzczE9MGRjMGZmOWMwZDRlZDA0ZTgyYmM2ZmE5NGU2NzU0MzIxYTA4MjM3NSx0d29mYXBhc3M9OnVu
ZGVmaW5lZA==

Auth Payload Algorithm

The following summarizes the algorithm used to generate the GET /auth payload for a given username and password. Italics indicate variable names.

  1. Generate a random integer, store in variable called Random.
  2. Compute the SHA-256 hash of the admin password, store in RawSHA256Hash.
  3. Compute the SHA-256 hash of the concatenated string Password + Username, store in CoveredSHA256HashTemp.
  4. Compute the SHA-256 hash of the concatenated string CoveredSHA256HashTemp + Random, store in CoveredSHA256Hash.
  5. Compute the SHA-1 hash of the admin password, store in RawSHA1Hash.
  6. Compute the SHA-1 hash of the concatenated string Password + Username, store in CoveredSHA1HashTemp.
  7. Compute the SHA-1 hash of the concatenated string CoveredSHA1HashTemp + Random, store in CoveredSHA1Hash.
  8. Create a comma-separated concatenated string with the following strings and variables.
  9. You should end up with the string:
  10. Base64 encode this string.
  11. Use the encoded value in the Authorization header with a Basic scheme.
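The following Python is an added worked example, not code from the page or from the product it documents. It decodes the page's own example payload to show the field layout that steps 8 and 9 produce, then implements steps 1 through 11 for a given username and password. Two things are assumptions rather than statements of the page: that each intermediate digest is concatenated as lowercase hex and Random as its decimal string, and that the decoded fields map to the variables as pass2/pass1 = CoveredSHA256Hash/CoveredSHA1Hash, rpass2/rpass1 = RawSHA256Hash/RawSHA1Hash, rand2 = Random, with twofapass fixed to ":undefined". The page's example cannot confirm that mapping, because its pass2 and rpass2 fields (and likewise pass1 and rpass1) carry identical digests.

```python
import base64
import hashlib
import secrets
from typing import Optional

# The Base64 payload from the page's example GET /auth request, joined across its
# wrapped lines. The field names below (user, pass2, pass1, rand2, rpass2, rpass1,
# twofapass) come from decoding it; which algorithm variable fills which field is
# an assumption, not something the page states.
PAGE_EXAMPLE_B64 = (
    "dXNlcj1rYWRtaW4scGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5"
    "YTU3YTkzODY2ZTQxZCxwYXNzMT0wZGMwZmY5YzBkNGVkMDRlODJiYzZmYTk0ZTY3NTQzMjFhMDgyMzc1LHJhbmQyPTk5"
    "NDY1NixycGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5YTU3YTkz"
    "ODY2ZTQxZCxycGFzczE9MGRjMGZmOWMwZDRlZDA0ZTgyYmM2ZmE5NGU2NzU0MzIxYTA4MjM3NSx0d29mYXBhc3M9OnVu"
    "ZGVmaW5lZA=="
)


def decode_payload(b64: str) -> dict:
    """Base64-decode a GET /auth payload and split it into its comma-separated key=value fields.

    Only the first '=' of each item is treated as the separator, so a value such as
    ':undefined' is kept intact. Insertion order of the dict preserves the field order.
    """
    text = base64.b64decode(b64).decode("ascii")
    fields = {}
    for item in text.split(","):
        key, _, value = item.partition("=")
        fields[key] = value
    return fields


def _sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def _sha1_hex(s: str) -> str:
    return hashlib.sha1(s.encode("utf-8")).hexdigest()


def compute_hashes(username: str, password: str, random_value: int) -> dict:
    """Steps 2 to 7 of the algorithm, keyed by the page's variable names.

    Assumption: every intermediate digest is lowercase hex before it is concatenated
    (the example payload carries 64- and 40-character hex digests), and Random is
    concatenated as its decimal string.
    """
    rand = str(random_value)
    covered_sha256_tmp = _sha256_hex(password + username)             # step 3
    covered_sha1_tmp = _sha1_hex(password + username)                 # step 6
    return {
        "RawSHA256Hash": _sha256_hex(password),                       # step 2
        "CoveredSHA256Hash": _sha256_hex(covered_sha256_tmp + rand),  # step 4
        "RawSHA1Hash": _sha1_hex(password),                           # step 5
        "CoveredSHA1Hash": _sha1_hex(covered_sha1_tmp + rand),        # step 7
    }


def build_payload(username: str, password: str, random_value: Optional[int] = None) -> str:
    """Steps 1 and 8 to 10: assemble the comma-separated string and Base64-encode it.

    Field names and order are those of the decoded page example. The field-to-variable
    mapping is an assumption: pass2/pass1 carry the Covered hashes, rpass2/rpass1 the
    Raw hashes ('r' read as 'raw'), rand2 the Random value; twofapass is fixed to
    ':undefined' as in the example.
    """
    if random_value is None:
        # Step 1. The example's rand2 has six digits, so draw from the same range.
        random_value = secrets.randbelow(10**6)
    h = compute_hashes(username, password, random_value)
    fields = [
        ("user", username),
        ("pass2", h["CoveredSHA256Hash"]),
        ("pass1", h["CoveredSHA1Hash"]),
        ("rand2", str(random_value)),
        ("rpass2", h["RawSHA256Hash"]),
        ("rpass1", h["RawSHA1Hash"]),
        ("twofapass", ":undefined"),
    ]
    plain = ",".join(f"{k}={v}" for k, v in fields)
    return base64.b64encode(plain.encode("ascii")).decode("ascii")


def authorization_header(username: str, password: str, random_value: Optional[int] = None) -> str:
    """Step 11: the Authorization header value for the GET /auth request."""
    return "Basic " + build_payload(username, password, random_value)


if __name__ == "__main__":
    for k, v in decode_payload(PAGE_EXAMPLE_B64).items():
        print(f"{k:10s} {v}")
    # Constructed credentials for demonstration only.
    print(authorization_header("kadmin", "example-password"))
```

Note for anyone deploying or integrating this endpoint: under the mapping assumed above, the rpass1 and rpass2 fields are plain SHA-1 and SHA-256 digests of the password with no salt, and the Random value is chosen by the client rather than issued by the server. A captured payload is therefore password-equivalent and replayable, so GET /auth should be reachable only over TLS, and the Authorization header must be kept out of proxy and application logs with the same care as the password itself.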