6.1.7. Registering the Agent
The purpose of registering the Agent is to acquire a token that is included in the payload sent to the server. This token serves as a validation mechanism to ensure that the payload originates from a secure source. Since the API call is publicly accessible, anyone can send information to it. By verifying the token, we can confirm that the payload originates from a legitimate OpenNAC Agent and a valid user. This validation can be based on either possessing a token or belonging to an authorized domain.
To enable Agent registration, the client should have an option called “Register Agent” within the Agent interface. Clicking on this option will open a window where the user can enter their username and password. This information is then sent to the server via a POST call. If the provided credentials are valid, the server will return a token. For subsequent requests, the Agent includes this token in the payload, specifically within the OPENNAC JSON object.
{
    "OPENNAC": {
        "UID": "080027B598B8",
        "TIMESTAMP": "1594630875",
        "TYPE": "service",
        "VPNVERSION": "1",
        "PLATFORM": "WINDOWS",
        "VERSION": "1.0.10000",
        "MONITOR_TYPE": "Pipe",
        "USED_INTERFACE_IP": "10.0.3.15",
        "TOKEN": "164cc268-dd31-11ea-b9ca-6f6e636f7265"
    },
    …
}
6.1.7.1. Data sent to server
Username, password and hardwareId as form-data.
The server host, in this case 10.21.1.36, should be the one used to send the scan data.
6.1.7.2. Response from server
The status of the response is always 200 OK, so the HTTP status does not indicate whether authentication succeeded. The outcome is reported in the returned JSON, specifically in a result parameter that is either “ok” or “error”.
Successful authentication:
JSON object with a result and a token.
{
    "result": "ok",
    "token": "5bdf4ccc-dc83-11ea-b96f-6f70656e6e61"
}
Unsuccessful authentication:
JSON object with a result and a reason.
{
    "result": "error",
    "reason": "invalid credentials"
}
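The following is an added example, not OpenNAC's own code. It shows client-side handling of the registration response that fails closed: because the status is always 200 OK, only a result of "ok" together with a token counts as success, after which the token is placed in the OPENNAC object. The function and class names are hypothetical, and the sample bodies are the ones shown above.

```python
import json


class RegistrationError(Exception):
    """Raised when the registration response does not yield a usable token."""


def parse_registration_response(status_code, body):
    """Return the token from a registration response, or raise RegistrationError.

    The server answers 200 OK for both outcomes, so the status code alone
    proves nothing: only "result" == "ok" plus a token counts as success.
    """
    if status_code != 200:
        raise RegistrationError(f"unexpected HTTP status {status_code}")
    try:
        data = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise RegistrationError("response is not valid JSON") from exc
    if not isinstance(data, dict):
        raise RegistrationError("response is not a JSON object")
    if data.get("result") != "ok":
        # Fail closed: "error", a missing field or any other value is a failure.
        raise RegistrationError(data.get("reason") or "registration rejected")
    token = data.get("token")
    if not isinstance(token, str) or not token:
        raise RegistrationError("result was ok but no token was returned")
    return token


def attach_token(payload, token):
    """Return a copy of the scan payload with TOKEN set inside OPENNAC."""
    signed = dict(payload)
    signed["OPENNAC"] = dict(payload.get("OPENNAC", {}), TOKEN=token)
    return signed


# Constructed sample responses, using the bodies shown on this page.
OK_BODY = '{"result": "ok", "token": "5bdf4ccc-dc83-11ea-b96f-6f70656e6e61"}'
ERROR_BODY = '{"result": "error", "reason": "invalid credentials"}'

if __name__ == "__main__":
    token = parse_registration_response(200, OK_BODY)
    print(attach_token({"OPENNAC": {"UID": "080027B598B8"}}, token))
    try:
        parse_registration_response(200, ERROR_BODY)
    except RegistrationError as err:
        print("registration failed:", err)
```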