Example Python Airwatch API Authentication using CMSURL Authorization.
This example requires the cryptography package.
import base64
from cryptography.hazmat.primitives.serialization import pkcs12, pkcs7
from cryptography.hazmat.primitives import hashes, serialization
import requests
host = "example.awmdm.com"
signing_data = "/api/mdm/devices/bulksettings" # the part of the url to be signed
url = "https://" + host + signing_data
certfile = open("certificate.p12", 'rb')
cert = certfile.read()
certfile.close()
#p12 format holds both a key and a certificate
key, certificate, additional_certs = pkcs12.load_key_and_certificates(cert, "password".encode())
options = [pkcs7.PKCS7Options.NoCapabilities, pkcs7.PKCS7Options.DetachedSignature]
signed_data = pkcs7.PKCS7SignatureBuilder().set_data(
signing_data.encode("UTF-8"))
.add_signer(certificate, key, hashes.SHA1())
.sign(serialization.Encoding.DER, options)
signed_data = base64.b64encode(signed_data)
signed_data = signed_data.decode()
headers = {
"User-Agent": "username",
"aw-tenant-code": "api_key",
"Host": host,
"Authorization": "CMSURL'1 {}".format(signed_data),
'accept': 'application/json',
"version": "1",
}
response = requests.get(url, headers=headers)
print(response.content)
This example requires the chilkat package and requests.
# Python example for CMSURL authorization to the Airwatch/Workspace One API using chilkat
import chilkat
import requests
crypt = chilkat.CkCrypt2()
# Create cert object
cert = chilkat.CkCert()
# PKCS12 certificates contain both the certificate and private key
# This needs the path to the certificate and the password to access it
cert.LoadPfxFile("certpath", "certpassword")
# Set the signing certificate
crypt.SetSigningCert(cert)
# Indicate we want the resulting signature in base64 format:
crypt.put_EncodingMode("base64")
# Convert to utf-8 byte string before signing
crypt.put_Charset("utf-8")
# This is the part of the url that needs signed:
signing_url = "/api/mdm/devices/bulksettings"
# host and full url
host = "example.awmdm.com"
url = "https://" + host + signing_url
# Signed data in base 64 format
signed = crypt.signStringENC(signing_url)
# Generate headers
headers = {
"aw-tenant-code": api_key,
"Host": host ,
"Authorization": "CMSURL'1 {}".format(signed), # This is the format of the authorization header
'accept': 'application/json',
}
response = requests.get(url, headers=headers)