...

Authentication is via login name and password for a RAO or DRAO admin. The customerUri is "sunet".

For semiautomatic API use, for example scripts run by a person on the command line, it is fine to use the normal admin user for that person.

For fully automated API use, we We recommend that your create separate RAO or DRAO admins to use with the API instead of reusing the same admins as for web UI work. To create an API-only admin:

• Use your RAO to create the new admin as you would create a "normal web UI admin", including setting a temporary password. You will not be able to use the API with this temporary password.
• Login to the new admin in the SCM and perform the mandatory initial password change for it.
• Back with your original RAO, edit select the new admin and set the "WS API use only" flag for ituse the Change Type button to change this user to an API user.

More gotchas we have discovered, so you do not have to discover them too:

• To be allowed to use the You may need to enable API calls for handling certificates, you must edit the appropriate your Organization or Department object, and on the SSL Certificate tab, enable the Web API checkbox. You will be required to provide a value for the Secret Key field too. Enter a good random value there and promptly forget it (it is not used for the current REST API but for an older SOAP API). Select it in the admin interface, use the Certificate Settings button in the information card at the right, Select SSL Certificates in the dialog, enable "Enable Web / Rest API" and save.
• Be aware that the "serverType": -1 in their certificate enroll example refers to the "other" Server Software type, so if you have removed that when cleaning up useless Server Software types, that example will not work.

...