OK, more data.
When we post to "/api/sessionMngr" the user ID and credentials, we get back following response (raw XML follows):
- Code: Select all
<?xml version="1.0" encoding="utf-8"?><LogonSession Type="LogonSession" Href="https://msc-lex-sm000.thinkmsc.net/api/logonSessions/[UUID removed]" xmlns="http://www.veeam.com/ent/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><Links><Link Href="https://msc-lex-sm000.thinkmsc.net/api/" Type="EnterpriseManager" Rel="Up"/><Link Href="https://msc-lex-sm000.thinkmsc.net/api/reports/summary" Name="Summary" Type="Report" Rel="Down"/><Link Href="https://msc-lex-sm000.thinkmsc.net/api/logonSessions/[UUID removed]" Type="LogonSession" Rel="Delete"/></Links><UserName>THINKMSC\maryville_vmw.sa</UserName><SessionId>[UUID removed]</SessionId></LogonSession>
Note the "UserName" is provided in the reply, which we understood from the docs indicating that it understood the login credentials and sucessfully logged us on. Is that true, or not true? We do get back a header "X-RestSvcSessionId", which is later used for requests. The statement of "only indicates we can run reports" is assumption on our part that the "Link" element of "Type=Report" is indicating it will accept requests from us for reports. Docs have an example that also shows links for "/api/backupServers", "/api/jobs", etc. We do not see those in our login response.
Assuming we can rework the code to use an alternate account, what will that tell us? If a different account works, is it because of some access setting on the server that is not set for this account? We have not yet found documentation that helps clarify if there are any access control restriction/permission settting required for access to XML API.
Note: Text string "[UUID removed]" represents an GUID provided in the original response which we've removed for security reasons. There were 3 occurrences, and all of the same value.