Introduction
The Amino Orchestrate server has a powerful API with many functionalities to facilitate control over the H-series devices.
This API requires SSL mutual authentication where the authentication is made via an x509 certificate.
This certificate is unique to every customer and therefore it should be requested on a per-need basis.
Prerequisites
This article assumes that you already have an Orchestrate account.
Summary
How to request API access
To use the Amino Orchestrate API, a security certificate is needed to grant access. This certificate is provided, per request, by Amino. To request it, and so that Amino can do it, it is first necessary to generate a CSR (Certificate Signing Request).
Certificate Signing Request
When generating the CSR, the Common Name (CN) must match, letter-by-letter, with the Amino Orchestrate domain name it will be used on.
This is how the CSR can be generated:
openssl req -new -newkey rsa:2048 -nodes -out <customer.csr> -keyout <customer.key>
The following fields will be requested:
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:Cupertino
Organization Name (eg, company) []:XXX Inc.
Organizational Unit Name (eg, section) []:IT department
Common Name (eg, fully qualified host name) []: <Please input the exact domain name in Orchestrate>
Email Address []:admin@xxxcompany.com
Once the CSR is generated, it can be shared with Amino, while the private key should be kept safe.
The request should be made over our support portal.
Amino Orchestrate certificate and how to use it
Once the CSR is processed by Amino, a CRT certificate file will be generated which can then be used to access the API.
Here's an example of what the Amino Orchestrate API call looks like:
curl --cert domain.crt --key domain.key --data "matchType=exact&sn=107-9999999" https://system.amino-orchestrate.com:2444/system/sapi/device/get
You can now access the Amino Orchestrate SDK page to see the full API command list here.
References