SonicOS API supports a CHAP authentication scheme, which is generally less secure than the more modern RFC-7616 HTTP Digest scheme but can be useful, particularly when RADIUS is used for back-end authentication of remote user accounts.
Clients must first initiate a CHAP challenge by calling GET /api/sonicos/auth. The server responds with:
HTTP/1.0 200 OK
Server: SonicWALL
Content-type: application/json; charset=UTF-8

{
  "id": "{string}",
  "challenge": "{string}"
}

| Field | Type | Description | Example |
|---|---|---|---|
| id | string (hexadecimal number) | CHAP ID | 0b |
| challenge | string (hexadecimal #) | Hexadecimal-formatted, randomly generated number | EA7F57F37595B6891C222EF284C05D84 |

Clients must then generate a one-way hash (CHAP digest) using the user's credentials and the parameters returned by the initiate request. For information on how to calculate the digest, see RFC-1994.
Once the CHAP digest is generated, it is sent in a JSON-formatted request to POST /api/sonicos/auth:
{
  "override": {boolean},
  "id": "{string}",
  "user": "{string}",
  "digest": "{string}"
}

| Field | Type | Description | Default | Example |
|---|---|---|---|---|
| override | boolean | Boolean flag that if true will allow the API session to override an admin currently logged in. | false | true |
| id | string (hexadecimal number) | CHAP ID. | | 0b |
| user | string | Username. | | admin |
| digest | string | CHAP digest. | | D96E46E27497B6891C222EF284C05D84 |
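
The digest step and the POST body described above, as an added example that is not SonicWall's own code. It follows the RFC 1994 construction, MD5 over the identifier octet, the secret and the challenge value. The function names, the UTF-8 password encoding and the uppercase hex output are assumptions, and the password is a constructed sample.

```python
import hashlib
import hmac
import json


def chap_digest(chap_id: str, password: str, challenge: str) -> str:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge), as hex."""
    id_bytes = bytes.fromhex(chap_id)
    if len(id_bytes) != 1:
        raise ValueError("CHAP ID must be exactly one octet (two hex digits)")
    challenge_bytes = bytes.fromhex(challenge)
    if not challenge_bytes:
        raise ValueError("challenge must not be empty")
    secret = password.encode("utf-8")  # assumption: password is sent as UTF-8
    # Assumption: uppercase hex, matching the digest example in the table above.
    return hashlib.md5(id_bytes + secret + challenge_bytes).hexdigest().upper()


def build_auth_request(initiate_response: str, user: str, password: str,
                       override: bool = False) -> str:
    """Turn the JSON body of GET /api/sonicos/auth into the POST body."""
    params = json.loads(initiate_response)
    body = {
        "override": override,
        "id": params["id"],
        "user": user,
        "digest": chap_digest(params["id"], password, params["challenge"]),
    }
    return json.dumps(body)


def verify_digest(chap_id: str, password: str, challenge: str,
                  received: str) -> bool:
    """Verifier side: recompute the digest and compare in constant time."""
    expected = chap_digest(chap_id, password, challenge)
    return hmac.compare_digest(expected, received.upper())


if __name__ == "__main__":
    # Constructed sample built from the example values in the tables above.
    sample = '{"id": "0b", "challenge": "EA7F57F37595B6891C222EF284C05D84"}'
    print(build_auth_request(sample, "admin", "constructed-password"))
```

Because the digest covers the server's fresh challenge, a captured digest is only valid for that challenge, so each login needs its own GET before the POST.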