Sample VSA REST API Client

Password Authentication

The two following code samples illustrate how to build a C# client that can authenticate the VSA REST API.

NOTE The Password Authentication is deprecated and will be removed from VSA as of October 2021.

using System;

using System.Text;

using System.Security.Cryptography;

namespace SampleVsaRestApiClient

    public class Hash

        public string RandomNumber { get; protected set; }

        public string RawSHA256Hash { get; protected set; }

        public string CoveredSHA256Hash { get; protected set; }

        public string RawSHA1Hash { get; protected set; }

        public string CoveredSHA1Hash { get; protected set; }

        public Hash( string UserName, string Password )

            RandomNumber = GenerateRandomNumber( 8 );

            RawSHA256Hash = CalculateHash( Password, "SHA-256" );

            CoveredSHA256Hash = CalculateHash( Password, UserName, "SHA-256" );

            CoveredSHA256Hash = CalculateHash( CoveredSHA256Hash, RandomNumber, "SHA-256" );

            RawSHA1Hash = CalculateHash( Password, "SHA-1" );

            CoveredSHA1Hash = CalculateHash( Password, UserName, "SHA-1" );

            CoveredSHA1Hash = CalculateHash( CoveredSHA1Hash, RandomNumber, "SHA-1" );

        private string CalculateHash( string Value1, string Value2, string HashingAlgorithm )

            return CalculateHash( Value1 + Value2, HashingAlgorithm );

        private string CalculateHash( string Value, string HashingAlgorithm )

            byte[] arrByte;

            if( HashingAlgorithm == "SHA-1" )

                SHA1Managed hash = new SHA1Managed();

                arrByte = hash.ComputeHash( ASCIIEncoding.ASCII.GetBytes( Value ) );

            else if( HashingAlgorithm == "SHA-256" )

                SHA256Managed hash = new SHA256Managed();

                arrByte = hash.ComputeHash( ASCIIEncoding.ASCII.GetBytes( Value ) );

            else

                throw new ApplicationException( string.Format( "Unknow hashing algorithm: {0}", HashingAlgorithm ) );

            string s = "";

            for( int i = 0; i < arrByte.Length; i++ )

                s += arrByte[i].ToString( "x2" );

            return s;

        private string GenerateRandomNumber( int numberOfDigits )

            System.Security.Cryptography.RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider();

            byte[] numbers = new byte[numberOfDigits * 2];

            rng.GetNonZeroBytes( numbers );

            string result = "";

            for( int i = 0; i < numberOfDigits; i++ )

                result += numbers[i].ToString();

            result = result.Replace( "0", "" );

            return result.Substring( 1, numberOfDigits );

using System;

using System.Text;

using System.Net.Http;

namespace SampleVsaRestApiClient

    class Program

        static void Main( string[] args )

            string Url = @"http://myvsa.com";

            string UserName = "UserName";

            string Password = "Password";

            // Getting authenticated...

            var h = new Hash( UserName, Password );

            var headerParam = Convert.ToBase64String(

                        Encoding.Default.GetBytes(

                            string.Format( "user={0},pass2={1},pass1={2},rpass2={3},rpass1={4},rand2={5}",

                                UserName,

                                h.CoveredSHA256Hash,

                                h.CoveredSHA1Hash,

                                h.RawSHA256Hash,

                                h.RawSHA1Hash,

                                h.RandomNumber ) ) );

            using( var client = new HttpClient() )

                client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue( "Basic", headerParam );

                Console.WriteLine( "Making request... " );

                var response = client.GetAsync( new Uri( string.Format( @"{0}/api/v1.0/auth", Url ) ) ).Result;

                Console.WriteLine( "StatusCode : " + (int)response.StatusCode + " " + response.StatusCode.ToString() );

                if( response.IsSuccessStatusCode )

                    Console.WriteLine( response.Content.ReadAsStringAsync().Result );

The following code sample illustrate how to build a C# client that can authenticate the VSA REST API.

class Program

using System;

using System.Net.Http;

using System.Text;

namespace SampleVsaRestApiClient

    class Program

        static void Main(string[] args)

            string url = @"http://myvsa.com";

            string username = "Username";

            string pat = "PAT";

            // Getting authenticated...

            var headerParam = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{username}:{pat}"));

            using (var client = new HttpClient())

                client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", headerParam);

                Console.WriteLine("Making request... ");

                var response = client.GetAsync(new Uri($"{url}/api/v1.0/auth")).Result;

                Console.WriteLine("StatusCode : " + (int)response.StatusCode + " " + response.StatusCode);

                if (response.IsSuccessStatusCode)

                    Console.WriteLine(response.Content.ReadAsStringAsync().Result);

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!