Authentication
Password Authentication
NOTE: Password Authentication is deprecated and will be removed from VSA as of October 2021.
The GET /auth REST resource responds with a session token used to authenticate requests to other resources. The request to GET /auth must include a payload computed according to the following algorithm, Base64 encoded, and placed in the request’s Authorization header with a Basic scheme. The following is an example of a GET /auth request with its generated Base64 payload.
GET /auth
Authorization: Basic
dXNlcj1rYWRtaW4scGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5
YTU3YTkzODY2ZTQxZCxwYXNzMT0wZGMwZmY5YzBkNGVkMDRlODJiYzZmYTk0ZTY3NTQzMjFhMDgyMzc1LHJhbmQyPTk5
NDY1NixycGFzczI9ZjE5ZWFmYzY3ZWY5MzJjMjBkMTlmZGQ1ZmIyZTY1NjBkY2U5YTk1YWFhYjEwNjczMjQ5YTU3YTkz
ODY2ZTQxZCxycGFzczE9MGRjMGZmOWMwZDRlZDA0ZTgyYmM2ZmE5NGU2NzU0MzIxYTA4MjM3NSx0d29mYXBhc3M9OnVu
ZGVmaW5lZA==
Auth Payload Algorithm
The following summarizes the algorithm used to generate the GET /auth payload for a given username and password. Italics indicate variable names.
- Generate a random integer, store in variable called Random.
- Compute the SHA-256 hash of the admin password, store in RawSHA256Hash.
- Compute the SHA-256 hash of the concatenated string Password + Username, store in CoveredSHA256HashTemp.
- Compute the SHA-256 hash of the concatenated string CoveredSHA256HashTemp + Random, store in CoveredSHA256Hash.
- Compute the SHA-1 hash of the admin password, store in RawSHA1Hash.
- Compute the SHA-1 hash of the concatenated string Password + Username, store in CoveredSHA1HashTemp.
- Compute the SHA-1 hash of the concatenated string CoveredSHA1HashTemp + Random, store in CoveredSHA1Hash.
- Create a comma-separated concatenated string with the following strings and variables.
  - “user=” + Username
  - “pass2=” + CoveredSHA256Hash
  - “pass1=” + CoveredSHA1Hash
  - “rpass2=” + RawSHA256Hash
  - “rpass1=” + RawSHA1Hash
  - “rand2=” + Random
- You should end up with the string:
  “user={Username},pass2={CoveredSHA256Hash},pass1={CoveredSHA1Hash},rpass2={RawSHA256Hash},rpass1={RawSHA1Hash},rand2={Random}”
- Base64 encode this string.
- Use the encoded value in the Authorization header with a Basic scheme.
Personal Token Authentication
The request to GET /auth must include a payload computed according to the following algorithm, Base64 encoded, and placed in the request’s Authorization header with a Basic scheme.
Auth Payload Algorithm
The following algorithm is used to generate the GET /auth payload for a user.
- Create the following string: “{username}:{token}”
- Base64 encode this string.
- Use the encoded value in the Authorization header with a Basic scheme.
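The two payload algorithms above (password and personal token), written out as an added Python example; this is not code from the VSA documentation. It assumes UTF-8 strings, lowercase hex digests, Random appended in decimal form and an arbitrary range for Random, none of which the page specifies; the function names and sample credentials are constructed for illustration.

```python
import base64
import hashlib
import secrets


def hexdigest(algo: str, text: str) -> str:
    # Assumption: inputs are UTF-8 encoded and digests are lowercase hex strings.
    return hashlib.new(algo, text.encode("utf-8")).hexdigest()


def password_auth_header(username: str, password: str, random=None) -> str:
    """Authorization header value for the deprecated password scheme."""
    if random is None:
        # Assumption: the page does not specify a range for Random.
        random = secrets.randbelow(10**8)
    rand = str(random)  # assumption: Random is concatenated in decimal form
    fields = {"user": username, "rand2": rand}
    for suffix, algo in (("2", "sha256"), ("1", "sha1")):
        temp = hexdigest(algo, password + username)             # Covered...HashTemp
        fields["pass" + suffix] = hexdigest(algo, temp + rand)  # Covered...Hash
        fields["rpass" + suffix] = hexdigest(algo, password)    # Raw...Hash
    order = ("user", "pass2", "pass1", "rpass2", "rpass1", "rand2")
    payload = ",".join(f"{key}={fields[key]}" for key in order)
    return "Basic " + base64.b64encode(payload.encode("utf-8")).decode("ascii")


def token_auth_header(username: str, token: str) -> str:
    """Authorization header value for personal token authentication."""
    pair = f"{username}:{token}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def decode_password_payload(header_value: str) -> dict:
    """Recover the fields from a password-scheme header value.

    Base64 is an encoding, not encryption: anyone who can read the header
    sees the unsalted rpass1/rpass2 password hashes, so the request needs TLS.
    """
    scheme, _, encoded = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("expected Basic scheme")
    text = base64.b64decode(encoded, validate=True).decode("utf-8")
    return dict(item.split("=", 1) for item in text.split(","))


if __name__ == "__main__":
    # Constructed sample credentials, not real accounts.
    print(decode_password_payload(password_auth_header("alice", "example-pw", 42)))
    print(token_auth_header("alice", "constructed-token"))
```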