Authentication and Security
Before working with the Veeam Backup Enterprise Manager RESTful API, a client must first authenticate itself. Client authentication involves two steps:
- The client must log on to Veeam Backup Enterprise Manager with the user name and password. Veeam Backup Enterprise Manager RESTful API implements Basic HTTP Authentication as defined by RFC 2617.
- The client must obtain an authorization token that must be used in all requests during the current logon session.
As with user authentication in the Veeam Backup Enterprise Manager Web UI, client authentication in the RESTful API determines which operations the client can perform. If the client is authenticated with an account that does not have sufficient permissions for an action, it cannot execute that action. For example, if the client logs on with an account that has the Restore Operators role (a role that only allows restoring files via the Veeam Backup Enterprise Manager Web UI), the client cannot perform actions such as starting, stopping or editing jobs. When the client sends a request to the corresponding URL, for example, the URL for starting a job, it gets the Access denied error with the 403 Forbidden status code.
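The two logon steps and the 403 Forbidden case described above, as an added Python example that is not Veeam's own code. The session path `/api/sessionMngr/?v=latest` and the `X-RestSvcSessionId` header name are assumptions not stated on this page; `EmSession`, `AccessDenied` and the injectable `send` transport are hypothetical names.

```python
import base64
import urllib.error
import urllib.request

# Assumed names, not stated on this page: session endpoint path and token header.
SESSION_PATH = "/api/sessionMngr/?v=latest"
TOKEN_HEADER = "X-RestSvcSessionId"

class AccessDenied(Exception):
    """403 Forbidden: the account's role does not permit the operation."""

def basic_auth_header(user, password):
    # RFC 2617 Basic: base64("user:password"). This is encoding, not encryption.
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def urllib_send(method, url, headers):
    """Default transport: returns (status, response_headers)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)

class EmSession:
    def __init__(self, base_url, send=urllib_send):
        if not base_url.lower().startswith("https://"):
            raise ValueError("Basic credentials must only travel over HTTPS")
        self.base_url, self.send, self.token = base_url.rstrip("/"), send, None

    def logon(self, user, password):
        # Step 1: credentials are sent once, on the logon request only.
        status, headers = self.send("POST", self.base_url + SESSION_PATH,
                                    {"Authorization": basic_auth_header(user, password)})
        # Step 2: keep the token for every later request in this logon session.
        token = {k.lower(): v for k, v in headers.items()}.get(TOKEN_HEADER.lower())
        if status not in (200, 201) or not token:
            raise PermissionError(f"logon failed with HTTP {status}")
        self.token = token

    def request(self, method, path):
        if self.token is None:
            raise RuntimeError("call logon() first")
        status, _ = self.send(method, self.base_url + path, {TOKEN_HEADER: self.token})
        if status == 403:
            # Authenticated but not authorized: repeating the logon will not help.
            raise AccessDenied(f"{method} {path}: role lacks permission")
        return status
```

Treating 403 as a separate exception keeps automation from re-sending credentials in a retry loop when the real problem is the account's role.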