Public/Connect-MITServer.ps1
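function Connect-MITServer {
    <#
    .SYNOPSIS
        Connect to a MOVEit Transfer server and create an auth token.
    .DESCRIPTION
        Create an auth token using the /api/v1/token endpoint.
        Call before calling any other Get-MIT* commands.

        The credentials are posted to https://<Hostname>/api/v1/token with
        grant_type 'password'. If the server answers 401 with error
        'mfa_required', the request is repeated with grant_type 'otp', the
        mfa_access_token from the error body and the verification code.

        On success the base URI and the token set (access token, refresh
        token, creation time, lifetime) are stored in the script-scoped
        variables BaseUri and Token. Both are cleared at the start of every
        call, so a failed attempt leaves no earlier session behind.
    .EXAMPLE
        Connect-MITServer
        User is prompted for parameters.
    .EXAMPLE
        Connect-MITServer -Hostname 'moveit.server.com' -Credential (Get-Credential -Username 'admin')
        Supply parameters on command line except for password.
    .INPUTS
        None.
    .OUTPUTS
        String message if connected.
    .LINK
        Retrieve API token
        https://docs.ipswitch.com/MOVEit/Transfer2021/API/rest/#operation/Auth_GetToken
    #>
    [CmdletBinding()]
    param (
        # Hostname for the endpoint. It is placed unchanged into the request URI.
        [Parameter(Mandatory=$true)]
        [string]$Hostname,

        # Credentials (user name and password) for the password grant
        [Parameter(Mandatory=$true)]
        [pscredential]$Credential,

        # OTP for MFA: six digits, optionally written as two groups of three
        [Parameter()]
        [ValidatePattern('^\d{3}\s?\d{3}$')]
        [string]$Otp
    )

    try {
        # Clear any existing Token or Base Uri settings. These will be set if the
        # connection is successful.
        $script:Token = @()
        $script:BaseUri = ''

        # Set the Base Uri locally for now. The script-level variable is updated
        # only if the connection is successful.
        # NOTE(review): $Hostname is interpolated without validation, and the
        # credentials are posted to whatever URI results. Pass a bare host name;
        # consider validating the value before it reaches this point.
        $baseUri = "https://$Hostname/api/v1"

        # Build the request
        $uri = "$baseUri/token"
        $params = @{
            Method      = 'POST'
            ContentType = 'application/x-www-form-urlencoded'
            Headers     = @{Accept = "application/json"}
        }

        # Initialise explicitly: PowerShell resolves unset variables through the
        # caller's scopes, so a stale $isMfaRequired or $response defined by the
        # caller must not be able to steer the flow below.
        $isMfaRequired = $false
        $response = $null

        # This try/catch block catches and handles the exception that is thrown
        # if MFA is required.
        try {
            # The form body needs the clear-text password, so it is taken out of
            # the credential only here, at the point of use.
            $response = @{
                grant_type = 'password'
                username   = $Credential.UserName
                password   = $Credential.GetNetworkCredential().Password
            } | Invoke-RestMethod -Uri $uri @params -UserAgent 'MOVEit REST API'
        }
        catch [System.Net.Http.HttpRequestException], [System.Net.WebException] {
            # Keep the original record; the nested try/catch below must not
            # replace what gets re-thrown.
            $requestError = $_

            if ($requestError.Exception.Response.StatusCode -eq 401) {
                # A 401 may carry no body, or a body that is not JSON. In that
                # case fall through and re-throw the real HTTP error instead of
                # surfacing a JSON parsing error.
                $errorBody = $null
                if ($requestError.ErrorDetails -and $requestError.ErrorDetails.Message) {
                    try {
                        $errorBody = $requestError.ErrorDetails.Message | ConvertFrom-Json
                    }
                    catch {
                        $errorBody = $null
                    }
                }

                if ($errorBody) {
                    $response = $errorBody
                    $isMfaRequired = ($response.error -eq 'mfa_required')
                }
            }

            if (-not $isMfaRequired) {
                # Must have been some other error so let's re-throw it.
                throw $requestError
            }
        }

        if ($isMfaRequired) {
            Write-Verbose "MFA Authentication is required"

            # Resubmit to the same endpoint, using otp as the grant type,
            # the mfa_access_token given in the error in the mfa_access_token field,
            # and the 6 digit code from your authenticator in the otp field.
            if (-not $Otp) {
                # $Otp keeps its ValidatePattern attribute, so a malformed entry
                # is rejected on assignment.
                $Otp = Read-Host -Prompt "Enter 6-digit verification code"
            }

            # The pattern accepts '123 456'; send only the six digits.
            $otpCode = $Otp -replace '\s', ''

            $response = @{
                grant_type       = 'otp'
                mfa_access_token = $response.mfa_access_token
                otp              = $otpCode
            } | Invoke-RestMethod -Uri $uri @params -UserAgent 'MOVEit REST API'
        }

        if ($response.access_token) {
            # The access and refresh tokens stay in script scope as plain strings
            # for the rest of the session; treat the session's memory, transcripts
            # and variable dumps as sensitive.
            $script:BaseUri = $baseUri
            $script:Token = @{
                AccessToken  = $response.access_token
                CreatedAt    = $(Get-Date)
                ExpiresIn    = $response.expires_in
                RefreshToken = $response.refresh_token
            }
            Write-Output "Connected to MOVEit Transfer server $Hostname"
        }
        else {
            # Do not leave a missing token unnoticed: nothing was stored, so the
            # other commands have no session to use.
            Write-Warning "No access token was returned by $Hostname; not connected."
        }
    }
    catch {
        $PSCmdlet.ThrowTerminatingError($PSItem)
    }
}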