I choose JSON web tokens as the way to manage authentication with PowerXaas.

/connect endpoint

There is a special endpoint for authenticating : /connect.

You must call it that way :

$Body = '{"Username":"<yourname>","password":"<yourpassword>"}'
$Result = Invoke-WebRequest -Uri https://<ipaddress>:<port>/api/v1/connect -Method POST -Body $Body
$Result.Content | ConvertFrom-JSON

Token and headers

The object it returns contains a token, the API version, the username and an expiration date.

The token will then be used until expiration date to authenticate by placing it in the headers of next requests :

$Token = ($Result.Content | ConvertFrom-JSON).Token
$Headers = @{"Authorization" = "Bearer " + $Token}
$Result = Invoke-WebRequest -Uri https://<ipaddress>:<port>/api/v1/version -Method GET -Headers $Headers

You will also probably need that code before :

add-type @"
  using System.Net;
  using System.Security.Cryptography.X509Certificates;
  public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
      ServicePoint srvPoint, X509Certificate certificate,
      WebRequest request, int certificateProblem) {
        return true;
      }
  }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

Authentication and authorization management scripts

There are 2 scripts designed to manage authentication and authorization : connect.ps1 and Request-Authorization.ps1

Connect.ps1 is part of the API since it is an endpoint exposed to clients. This is the one used for authentication. You may need to update it your own way to match your needs.

Request-Authorization.ps1 is used to manage authorizations. You also may need to update it your own way to match your needs.

I Hope I will be able to propose a more mature solution for next releases of PowerXaaS.