I am in the process of writing a Perl Module to interface between our consolidated reporting system and the WHD API. I found that I had issues with just using straight authentication, and have made use of the session-based authentication instead. Having written the library in OO Perl, when I instantiate the object, I then perform a login, after which it uses the session key as the security token.
Additionally, I would strongly recommend using https as otherwise you are exchanging authentication data in clear text. My understanding is that, apart from generating the API Key, no other permissions are required in order to use the API. Access to information is then controlled by whatever account you are using. There is also the option of using an Application API Key, which would have complete access.
At present I am using a Tech API Key, and am finding that this is working well for us.
Essentially to get a session you need to first make a call to /ra/Session with the username and API Key supplied. The response contains the Session key to use from then on.
Hope that helps you out.
John Berkers :: Senior Security Engineer
IPSec Pty Ltd
Thanks for your comment. I think first of all we have to config https setup. Then, we have to look some perl or php script for server side login using apikey.
I am not much Perl programming person but I will look what I can do.