Community articleGetting a cryptographic key
Added by IBM contributorIBM on June 23, 2014
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

A cryptographic nonce (number used once) key is a server-specified data string that is generated each time a 401 response is made. The server returns the data string to the client, and the client then passes that string unchanged back to the server with its subsequent request. Cryptographic keys prevent unauthorized access to data and protect against replay attacks. See RFC 2617 for more information about these keys.



A cryptographic nonce (number used once) key is a server-specified data string that is generated each time a 401 response is made. The server returns the data string to the client, and the client then passes that string unchanged back to the server with its subsequent request. Cryptographic keys prevent unauthorized access to data and protect against replay attacks. See RFC 2617 for more information about these keys.

About this task

To get a cryptographic key, complete the following steps:

Procedure

  1. Request a key from the Files server using the following URI:
  2. files_server/basic/api/nonce


    This creates an HTTP request that looks like this:

    GET /files/basic/api/nonce HTTP/1.1
    Authorization: Basic xxx
    Host: enterprise.example.com:9087
    Accept: */*

  3. From the HTTP response, find the key value, which is a data string that looks like this:
  4. 76FG092D5B5E14071F6FFA280D199900017F

  5. Pass that data string back to the server with your subsequent request as the value of the X-Update-Nonce parameter.