Access control and throttling¶

Access control¶

The API is available to any user that has access to the regular management server interface. Each application that integrates with Bonding Internet should be given its own user account, and the account should be given the minimum permissions necessary for the application to work (i.e. don’t put the account in the Administrator group unless the application really needs every single permission). Like the regular web application, the API uses SSL encryption for security.

Two methods are provided for gaining access to the API:

Cookie-based session authentication. This is the method used by web browsers. To use this method, you must first log in to the regular web application.
HTTP basic authentication. HTTP clients and programming libraries differ in how this authentication method is configured; please see your client’s documentation for details.

Applications should log in with their email address and password.

Warning

An account’s username can be used for authentication, but this was deprecated in SD-WAN 2015.4. Username authentication will be removed in a future release. Existing applications should be updated to log in with an email address.

Throttling¶

The management server API performs no request throttling.