Rate this Content

0 Rates
0 %

How to delete a device from SA Server using the Web API

Applies to

SAServer / ID Confirm 1000


Currently there is no easy way from the SA Server Admin Portal interface to delete a device that has out-lived its usefulness.  However, SA Server provides a nice Web API to allow you to do this. 

The web API is a REST interface, which basically means you will need to send some data (typically XML) over a HTTP interface to the server.  To send these requests, I use a tool called Fiddler, which can be downloaded >>HERE<< . Fiddler is a web debugging proxy that allows you to inspect/fiddle with HTTP(s) traffic between your computer and the Internet.  It"s a handy tool to have if you do not know about it.

Note: By default, Fiddler does not decrypt HTTPS traffic.  If you want to use Fiddler with HTTPs, >>this article<< will tell you how.

Before you can delete a device from your SA Server, you need to make sure that:

  • the device is not linked to any user
  • the device is in the revoked state

I assume that you have an account on your SA Server with the proper privileges and you're using an OATH device to login to this account.

Step 1: Start Fiddler

Your Fiddler window should look something like below: 


Step 2: Establish an authentication session with SA Server.

We will do this by sending an authentication request via the web API.  In Fiddler, click on the "Request Builder" tab in Fiddler.


Select POST for the request type and enter the web API URL for authentication.


This URL should look something likehttps://www.yourdomain.com/saserver/api/auth/oath.
Replace [your-domain]/[saserver] with your SA Server installation URL. 

Under Request headers, enter:

content-type: text/xml

Under Request body, enter:

<?xml version="1.0" encoding="ISO-8859-1" ?> 

Be sure to change the user ID/OTP/Password to real values. 

Click the Execute button to send the request.  You should see a new entry in the Web Sessions area on the left.  Double click on it and the Inspectors tab should open.  Click Raw tab to see the response from the server in its raw format.  What we"re looking for is the JSESSIONID.  Copy this value, we will need it for step 3.


Note: if you get anything other than a 200 OK response, then something went wrong with your authentication request.

Step 3: Send web API request to delete a device.

Build another request in Fiddle"s request builder. 

Select POST for the request type and enter the web API URL for manage device.


This URL should look something like https://www.yourdomain.com/saserver/api/devices/oath/0442000100000222.  Replace [your-domain]/[saserver] with your SA Server installation URL.  Replace [device-type] with either oath, emv, or otb.  Replace [id] with the smart card ID (for oath/otb) or pan:psn (for emv) of the device you want to delete.

Under Request headers, enter:

Content-Type: application/x-www-form-urlencoded

Be sure to replace YOURSESSIONIDGOESHERE with the real JESSIONID you obtained in step 2.

Under Request body, enter:


Click the Execute button to send the request.  If you"ve done everything correctly, the server should return a 204 response and device is now deleted!


To top

No comments
Add comment

* - required field


CAPTCHA image for SPAM prevention If you can't read the word, click here.


Latest updated pages