For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Prakash_Krishna's avatar
Prakash_Krishna
Icon for Nimbostratus rankNimbostratus
May 03, 2014

Providing right credential to connect the F5 device using RestAPI is always throwing 401 error

Hi All,   Here I am using RestAPI to connect to the device. I am always getting the http 401 error even my credentials are right and able to reach the same url using webbrowser.   Can anybody h...
application delivery
cisco
cloud
iControlREST
LTM
management
brad_11480's avatar
brad_11480
Icon for Nimbostratus rankNimbostratus
Mar 14, 2017

any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.

 

brad_11480's avatar
brad_11480
Icon for Nimbostratus rankNimbostratus
Aug 02, 2017

Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.

 

This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.

 

Note that generating a token is useless alternative since they expire in 8 hours.

 

Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.