Authentication Methods

SonicOS API supports four authentication mechanisms that share the same endpoint for client login and logout.

Endpoint	HTTP Method & Body
	GET	POST	PUT	DELETE
URI: /api/sonicos/auth	Empty	Empty	—	Empty

1. Navigate to MANAGE | System Setup | Appliance > Base Settings.

2. Scroll down to the SonicOS API section.

3. Select from the choices under Enable SonicOS API.

   • Enable RFC-7616 HTTP Digest Access Authentication

     • Enable digest algorithms: SHA256 or MD5

     • Integrity protection: Disabled, Allowed, or Enforced.

     • Use session variant (password hashes in place of passwords): Disabled, Allowed, or Enforced.

   • Enable CHAP authentication

   • Enable RFC-2617 HTTP Basic Access authentication

   • Enable Public Key Authentication

     • RSA modulus (key/cipher size in bits): 2014 is the default.

     • RSA padding type: PKCS#1 v1.5 or PKCS#1 v2.0 OAEP

       • OAEP hash method: SHA-1, SHA-256, or Other

       • OAEP mask (MGF1) method: SHA1, SHA-256, or Other

   • Enable Two-Factor and Bearer Token Authentication

   • Enable session security using RFC-7616 Digest Access Authentication

     • Can hold user passwords received from the client.

     • Maximum nonce use: 10 by default

   It is highly recommended to call delete api/sonicos/auth to log out of the API session, with bearer token or user name/password. Otherwise, the session is closed after a time of inactivity.

   

   The settings for RFC-7616 Digest Authentication also apply to session security. If the settings are disabled for RFC-7616, they are enabled for session security.