000029862 - How to generate a Session Token with REST API in RSA Archer

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Mar 28, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029862
Applies ToRSA Product Set: Archer

RSA Product/Service Type: REST API
RSA Version/Condition: All
  1. Build out the body using a JSON object with the Name/Value pairs.

Dim oBody As New JObject(New JProperty("InstanceName", txtInstanceName.Text), _
                        New JProperty("UserName", txtArcherUser.Text), _
                        New JProperty("UserDomain", ""), _
                        New JProperty("Password", txtArcherPassword.Text))


  1. Call the RestPost function with the login Url and pass the JSON object with values.

Dim results As String = RestPost(txtInstanceUrl.Text, "api/core/security/login", "POST", "", "json", 200, oBody.ToString)


  1. Parse out the Session Token from the results.

txtSessionToken.Text = JObject.Parse(results)("RequestedObject")("SessionToken").ToString

The following RestPost function is used to call the REST API in step 2 above.

Private Shared Function RestPost(sBaseUri As String, sApi As String, sVerb As String, sSession As String, sType As String, iCode As Integer, sBody As String) As String

        Dim sHeader As String = ""
        Dim sUri As String = ""
        Dim sAccept As String = "application/"

        ' Construct the Uri
        sUri = sBaseUri & sApi

        Dim vUri As New Uri(sUri)
        Dim vClient As New HttpClient

        vClient.BaseAddress = vUri

        ' Construct the request header and body
        If sSession <> "" Then
            sHeader = "Archer session-id=""" & sSession & """"
            vClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", sHeader)
        End If

        sAccept += sType

        Dim vContent As StringContent = New System.Net.Http.StringContent(sBody, Encoding.UTF8, "application/json")

        vClient.DefaultRequestHeaders.TryAddWithoutValidation("Accept", sAccept)

        If sVerb.ToUpper() = "GET" Then
            vClient.DefaultRequestHeaders.TryAddWithoutValidation("X-Http-Method-Override", "GET")
        End If

        ' Post the request, get results
        Dim vResponse As HttpResponseMessage = vClient.PostAsync(vUri, vContent).Result
        Dim sStatus As String = vResponse.StatusCode.ToString()
        Dim sResult As String = vResponse.Content.ReadAsStringAsync().Result
        Dim statusCode As HttpStatusCode = vResponse.StatusCode
        Dim iCodeNumber As Integer = CInt(statusCode)

        ' Check if the returned Status Code is what was expected
        If iCodeNumber <> iCode Then
            MsgBox("REST Failure: (" & statusCode & ") " & statusCode.ToString)
        End If

        Return sResult
    End Function

To see the results in JSON format, parse the results to string.  This isn't required, but helps to see what the results look like.

txtResults.Text = JObject.Parse(results).ToString


Results in JSON format:

  "Links": [],
  "RequestedObject": {
    "SessionToken": "BE64F897C383B1C0654DD6337CDAD5CB",
    "InstanceName": "Archer",
    "UserId": 362,
    "ContextType": 0,
    "UserConfig": {
      "TimeZoneId": "Central Standard Time",
      "TimeZoneIdSource": 1,
      "LocaleId": "en-US",
      "LocaleIdSource": 1,
      "LanguageId": 1,
      "LanguageIdSource": 1,
      "PlatformLanguageId": 1,
      "PlatformLanguageIdSource": 1
    "Translate": false
  "IsSuccessful": true,
  "ValidationMessages": []