Authenticate

The Oracle Communications Session Delivery Manager (SDM) REST API uses the HTTP Cookie header for authentication. To successfully authenticate to the SBC, send a POST request to the authentication endpoint.

The Cookie Header

SDM uses the Cookie header to authenticate clients.

  1. The client sends credentials in a request body to /rest/{versionId}/admin/login.

    An example of the request body as XML:

    <?xml version="1.0" encoding="UTF-8"?>
    <session>
      <userName>admin</userName>
      <password>passphrase</password>
    </session>

    An example of the request body as JSON:

    {
        "userName":"admin",
        "password":"passphrase"
    }
  2. SDM responds with the Set-Cookie header.

    Set-Cookie: JSESSIONID=72B6313B8948356ED9D3F9B409B8FF0A.tomcat1; Path=/rest; HttpOnly
  3. The client passes the Cookie header in subsequent requests.

    Cookie: JSESSIONID=72B6313B8948356ED9D3F9B409B8FF0A.tomcat1

Authenticating with cURL

  1. Send a POST request to the /rest/{versionId}/admin/login endpoint.

    Use the -c <filename> flag to save the cookie to a file.

    Use the -d@<filename> flag to send a local file as the request body.

    curl -v -X POST \
        -c sessionid.txt \
        -d@request.xml \
        --header "Accept: application/xml" \
        --header "Content-Type: application/xml" \
        'https://example.com:8443/rest/v1.3/admin/login'

    The cookie is saved to sessionid.txt.

  2. In subsequent requests, send the cookie in the Cookie header.

    To do this with cURL, use the -b <filename> option.

    curl -X GET \
        -b sessionid.txt \
        --header "Accept: application/xml" \
        'https://example.com:8443/rest/v1.3/admin/serverInfo'

Authenticating with Python

The following example shows how to get and send an authentication cookie using Python.

import requests
from lxml import etree

# set the endpoint
url = "https://example.com:8443/rest/v1.3/admin/login"

# create the HTTP headers
headers = { "Accept": "application/xml", "Content-Type":"application/xml" }

# read the credentials from a local file.
data = etree.tostring(etree.parse("request.xml"))

# send the POST request
resp = requests.post(url, headers=headers, data=data)

# extract the cookie from the response body
tree = etree.fromstring(resp.content)
cookie = tree.xpath('//sessionId')[0].text

# add the cookie to the headers dictionary
headers['Cookie'] = cookie

# the cookie is now included in subsequent requests
resp = requests.get("https://example.com:8443/rest/v1.3/admin/serverInfo", headers=headers)