Yes we have used it, yes we have gone through the same pains and the
ridiculousness that is jumping through a lot of hoops for very little
(real) reason that I can see.
This all started many many years ago for me when I wrote essentially a
web scrapper for a Nagios check to make sure the warranty on the systems
was up to date: https://github.com/erinn/check_dell_warranty
Initially some folks from Dell contributed to he plugin, but then Dell
had a fit and issued take down notices revoking all of the API keys and
putting up the recaptcha . For a while there was NO API access, then an
increasingly convoluted number of steps had to be taken to get API
access which took an increasingly long amount of time.
To me, from a human perspective, it seems very very odd to make this so
hard to get this information. I mean, if you make it easy, perhaps you
sell more warranty renewals? If you make it hard, who wins? I am not
really sure, but whoever is driving this at Dell seems very sure.
We have found a solution of sorts by using Dell's plugins:
https://exchange.nagios.org/directory/Plugins/Hardware/Server-Hardware/Dell/Dell-EMC-OpenManage-Plug-2Din-for-Nagios-Core/details
which essentially do what we want. Somewhere in those scripts is (I am
sure) an API key that is being used to pull this information from their
API. So essentially we just use their tools because they made it such a
huge PITA to query the data independently.
Good luck to you on this, the churn seems fairly pointless from an
outside perspective, but maybe there are good reasons for it. And yes
our rep was told many many many times about this, but this is way too in
the weeds for a rep to understand.
-Erinn
On 4/1/20 10:07 AM, Kilian Cavalotti wrote:
Hi all,
I'm curious if anyone on this list is using the Dell Warranty API?
https://techdirect.dell.com/portal/AboutAPIs.aspx
This is an API that gives access to the same kind of warranty
information that can be found on the Dell support website at
https://support.dell.com: you input a service tag, and you get back a
machine's type, ship date, warranty status, expiration date, etc... We
(used to) use it to maintain inventory of Dell equipment in our
systems, get notifications about warranty expirations, and so on.
Now, this API has been through various versions over a relatively
short period of time (it's at v5 now), each revision being completely
incompatible with the previous one and requiring complete rewrite of
the tools interacting with it.
Over the versions, it also looks like Dell has been increasingly
worried about "security", as they went from an unauthenticated API, to
a version that required an API key to be passed with each request
(v4), an now to OAuth2 (v5) with tokens that expire after one hour...
Again, this is to protect information that is publicly available on
https://support.dell.com...
Despite explaining to our Dell reps that this move could not be
motivated by any real security consideration (the information is
public), that it would not prevent sharing of API keys (which they
seemed to be concerned about and cited as a reason to move to OAuth2)
because a client_id and a client_secret can be shared as easily as an
API key, and that it caused significant burden to customers while
adding unnecessary complexity on both Dell's and the customers' end,
they moved forward anyway. Because OAuth2 is the cool thing these
days, no matter how relevant it is, I guess Dell seemed compelled to
do it too.
Anyway, I was just wondering if anyone else was using that API (or
used to use it), and what your approach was to what clearly appears a
security theater. If you gave hell to your Dell reps about it, I'd
love to hear it too, I'd feel less lonely. :)
Thanks!
_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
