SonicOS/X API Reference Guide

Authentication Methods

SonicOS API supports four authentication mechanisms that share the same endpoint for client login and logout.

Endpoint HTTP Method & Body
GET POST PUT DELETE
URI: /api/sonicos/auth Empty Empty Empty
  1. Navigate to MANAGE | System Setup | Appliance > Base Settings.

  2. Scroll down to the SonicOS API section.

  3. Select from the choices under Enable SonicOS API.

    • Enable RFC-7616 HTTP Digest Access Authentication

      • Enable digest algorithms: SHA256 or MD5

      • Integrity protection: Disabled, Allowed, or Enforced.

      • Use session variant (password hashes in place of passwords): Disabled, Allowed, or Enforced.

    • Enable CHAP authentication

    • Enable RFC-2617 HTTP Basic Access authentication

    • Enable Public Key Authentication

      • RSA modulus (key/cipher size in bits): 2014 is the default.

      • RSA padding type: PKCS#1 v1.5 or PKCS#1 v2.0 OAEP

        • OAEP hash method: SHA-1, SHA-256, or Other

        • OAEP mask (MGF1) method: SHA1, SHA-256, or Other

    • Enable Two-Factor and Bearer Token Authentication

    • Enable session security using RFC-7616 Digest Access Authentication

      • Can hold user passwords received from the client.

      • Maximum nonce use: 10 by default

    It is highly recommended to call DELETE /api/sonicos/auth, with the bearer token or the user name/password, to log out of the API session. Otherwise, the session is closed after a period of inactivity.

    The settings for RFC-7616 Digest Authentication also apply to session security. If the settings are disabled for RFC-7616, they are enabled for session security.
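The three Digest options in step 3 (digest algorithm, integrity protection, session variant) correspond to RFC 7616's `algorithm`, `qop=auth-int` and `-sess` parameters. The Python below is an added example, not SonicWall code: it computes the client's `response` value under each option, assuming the appliance follows RFC 7616 as the setting names state. The sample values are the RFC 7616 section 3.9.1 test vector, not SonicOS output.

```python
import hashlib

ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}

# Sample request taken from the RFC 7616 section 3.9.1 example (not a SonicOS capture).
RFC_SAMPLE = dict(
    username="Mufasa", realm="http-auth@example.org", password="Circle of Life",
    method="GET", uri="/dir/index.html",
    nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
    nc="00000001",  # 8 hex digits: how many requests have used this nonce
    cnonce="f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ",
)

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce,
                    algorithm="SHA-256", qop="auth", session=False, body=b""):
    """Return the RFC 7616 'response' field for an Authorization: Digest header."""
    if qop not in ("auth", "auth-int"):
        raise ValueError("qop must be 'auth' or 'auth-int'")
    hash_fn = ALGORITHMS[algorithm]
    h = lambda text: hash_fn(text.encode("utf-8")).hexdigest()

    # A1 is the long-term secret: a hash of user, realm and password.
    ha1 = h(f"{username}:{realm}:{password}")
    if session:
        # Session variant ("-sess"): the password hash, not the password,
        # is combined with this nonce/cnonce pair to form a per-session key.
        ha1 = h(f"{ha1}:{nonce}:{cnonce}")

    # A2 covers the request. With integrity protection (auth-int) it also
    # covers a hash of the body, so a modified body invalidates the response.
    a2 = f"{method}:{uri}"
    if qop == "auth-int":
        a2 += ":" + hash_fn(body).hexdigest()

    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{h(a2)}")

if __name__ == "__main__":
    for alg in ("MD5", "SHA-256"):
        print(alg, digest_response(**RFC_SAMPLE, algorithm=alg))
    print("auth-int", digest_response(**RFC_SAMPLE, qop="auth-int", body=b"{}"))
    print("session ", digest_response(**RFC_SAMPLE, session=True))
```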
