Welcome Forums General PowerShell Q&A API Auth using Base64 Encoding

Viewing 1 reply thread
  • Author
    Posts
    • #168589
      Participant
      Topics: 2
      Replies: 2
      Points: 15
      Rank: Member

      I’m trying to make an API call using PowerShell , but having little to no luck making it work.  I’m hoping someone here has some experience with using APIs through PowerShell to help speed me along.

      For some reason, I always struggle on the authentication piece of using an API – this occasion is no different.  To start off, I’m using the following code to build my authorization token.

      $Credential = Get-Credential
      $AuthToken = ($((Invoke-WebRequest -Method Post -Uri https://10.24.80.229/api/rest/users/login -ContentType "application/json" -Body "{ 
          `"username`": `"$($Credential.username)`", 
          `"password`":`"$($Credential.GetNetworkCredential().password)`"}").content) | 
          ConvertFrom-Json).result
      $Header = @{"Authorization"="Basic $AuthToken"}

      The token creation works fine and I get a “HTTP/1.1 200 OK” response.  Where things start to go sideways is when I try to use the above header to pull data from the system.  When I run the following command

      (Invoke-RestMethod -Method Get -Headers $Header -Uri "https://10.224.8.229/api/rest/system/name").data.name

      I get the following error message

      Invoke-RestMethod : Apache Tomcat/7.0.85 - Error report HTTP Status 500 - Not base 64type Exception reportmessage Not base 64description The server encountered an internal error that prevented it from fulfilling this request.exception 
      java.lang.IllegalArgumentException: Not base 64
      	com.infinidat.mgmt.utils.java.Base64Utils.decode(Base64Utils.java:59)
      	com.infinidat.mgmt.AuthenticationFilter.getUsernameAndPasswordFromHeader(AuthenticationFilter.java:258)
      	com.infinidat.mgmt.AuthenticationFilter.getCreds(AuthenticationFilter.java:245)
      	com.infinidat.mgmt.AuthenticationFilter.authenticate(AuthenticationFilter.java:193)
      	com.infinidat.mgmt.AuthenticationFilter.doFilter(AuthenticationFilter.java:174)
      note The full stack trace of the root cause is available in the Apache Tomcat/7.0.85 logs.Apache Tomcat/7.0.85
      At line:7 char:2
      + (Invoke-RestMethod -Method Get -Headers $Header -Uri "https://10.224. ...
      +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
          + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

      I’ve been researching how to convert my header to base64 and I’m using the following modification to make the conversion:

      $Header = @{"Authorization"="Basic $([convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("{0}:{1} -f $authtoken")))"}

      Unfortunately, doing this provides a new “unauthorized” type of error which leads me to believe I’m doing the conversion incorrectly.  Any guidance is greatly appreciated.

      Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.
      At line:1 char:2
      + (Invoke-RestMethod -Method Get -Headers $Header -Uri "https://10.224. ...
      +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
          + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
      
      
      

      For context, this is the API I am working with:

      https://support.infinidat.com/hc/en-us/articles/115005784189-Using-the-InfiniBox-API

       

    • #170203
      Participant
      Topics: 1
      Replies: 20
      Points: 77
      Helping Hand
      Rank: Member

      I think the fundamental problem is that you are trying to use the result of the login call as an authorization token, and it isn’t according to the doco I read at https://support.infinidat.com/hc/en-us/articles/360002106537-Using-the-InfiniBox-API. It tells me that the login api endpoint is only to validate credentials.

      To continue using other api endpoints you need to add the authorization header as per this  wikipedia entry.

      My first thought would be check if the Infinibox responds with a 401 unauthorized error when you hit it with the browser.  If it does then the powershell cmdlets should pass  whatever credential you specify as basic auth.  Try something like what I have below.

      $cred = get-credential
      (Invoke-RestMethod -Method Get -Uri "https://10.224.8.229/api/rest/system/name" -credential $cred).data.name

      If that doesn’t work you’ll have to construct the authorization header value and set it for each call.

      $cred = get-credential
      $userpass = "$($cred.UserName):$($cred.GetNetworkCredential().Password)"
      $b64 = [System.Convert]::ToBase64String([System.Text.encoding]::ASCII.GetBytes($userpass))
      $auth = "Basic $b64"
      (Invoke-RestMethod -Method Get -Headers @{"Authorization" = $auth} -Uri "https://10.224.8.229/api/rest/system/name").data.name
Viewing 1 reply thread
  • The topic ‘API Auth using Base64 Encoding’ is closed to new replies.