SonicOS/X API Reference Guide

Challenge-Handshake Authentication (CHAP)

SonicOS API supports a CHAP authentication scheme, which is generally less secure than the more modern RFC-7616 HTTP Digest scheme but can be useful, particularly when RADIUS is used for back-end authentication of remote user accounts.

Clients must first initiate a CHAP challenge by calling GET /api/sonicos/auth, which returns:

HTTP/1.0 200 OK
Server: SonicWALL
Content-type: application/json; charset=UTF-8

{
    "id": "{string}",
    "challenge": "{string}"
}

id:
    Type: string (hexadecimal number)
    Description: CHAP ID
    Example: 0b

challenge:
    Type: string (hexadecimal number)
    Description: Hexadecimal-formatted, randomly generated number
    Example: EA7F57F37595B6891C222EF284C05D84

Clients must then generate a one-way hash (the CHAP digest) from the user's credentials and the parameters returned by the initiate request. For information on how to calculate the digest, see RFC-1994.

When the CHAP digest is generated, it is packaged in a JSON-formatted request to POST /api/sonicos/auth:

{
    "override": {boolean},
    "id": "{string}",
    "user": "{string}",
    "digest": "{string}"
}

override:
    Type: boolean
    Description: Boolean flag that, if true, allows the API session to override an admin who is currently logged in.
    Default: false
    Example: true

id:
    Type: string (hexadecimal number)
    Description: CHAP ID.
    Example: 0b

user:
    Type: string
    Description: Username.
    Example: admin

digest:
    Type: string
    Description: CHAP digest.
    Example: D96E46E27497B6891C222EF284C05D84
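
The digest step and the resulting POST body, as an added example that is not SonicWall's own code: it follows RFC 1994, where the response is MD5 over the one-octet identifier, the secret, and the challenge value. Assumptions: the password is UTF-8 encoded and the digest is sent as uppercase hex (as in the example above); the function names and the sample password are hypothetical.

```python
import hashlib
import hmac
import json


def chap_digest(chap_id_hex: str, password: str, challenge_hex: str) -> str:
    """RFC 1994 response: MD5(Identifier octet || secret || Challenge value)."""
    chap_id = bytes.fromhex(chap_id_hex)      # raises ValueError on bad hex
    if len(chap_id) != 1:
        raise ValueError("CHAP ID must be exactly one octet (two hex digits)")
    challenge = bytes.fromhex(challenge_hex)  # raises ValueError on bad hex
    if not challenge:
        raise ValueError("empty challenge")
    # Assumption: the password is encoded as UTF-8 before hashing.
    data = chap_id + password.encode("utf-8") + challenge
    # Assumption: uppercase hex, matching the digest example on this page.
    return hashlib.md5(data).hexdigest().upper()


def build_auth_request(initiate_body: str, user: str, password: str,
                       override: bool = False) -> dict:
    """Turn the JSON body returned by GET /api/sonicos/auth into the POST body."""
    reply = json.loads(initiate_body)
    return {
        "override": override,
        "id": reply["id"],
        "user": user,
        "digest": chap_digest(reply["id"], password, reply["challenge"]),
    }


def verify_digest(chap_id_hex: str, password: str, challenge_hex: str,
                  digest_hex: str) -> bool:
    """Verifier-side check: recompute the digest and compare in constant time."""
    expected = chap_digest(chap_id_hex, password, challenge_hex)
    return hmac.compare_digest(expected, digest_hex.upper())


# Constructed sample: id and challenge are the example values from this page;
# the password is a made-up placeholder.
SAMPLE_INITIATE = '{"id": "0b", "challenge": "EA7F57F37595B6891C222EF284C05D84"}'
SAMPLE_PASSWORD = "example-password"

if __name__ == "__main__":
    body = build_auth_request(SAMPLE_INITIATE, "admin", SAMPLE_PASSWORD)
    print(json.dumps(body, indent=2))
```

A captured id, challenge and digest are enough to test password guesses offline, so both requests belong on HTTPS only.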
