REST API Getting Started Problems

Discussion in 'Developers' Forum' started by petzsch, Feb 2, 2017.

  1. petzsch

    petzsch New Member

    I'm fiddeling arround with the REST API and would like to autenticate my customers against ISPConfig (prior to letting them order stuff). I've looked at but couldn't find a client_login function. So I guess I will need to use client_get_by_username and compare the hashed password against what the user gave me.

    What I also noticed is that when posting my session_id to json.php?get_function_list I allways get a "message": "You do not have the permissions to access this function."

    Any help would be appreciated. :)
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats's probably the best way.

    Did you enable all checkboxes for the remote user?
  3. petzsch

    petzsch New Member

    testwise, yes. still the same error.
    all i wanted are the client and billing functions.
  4. petzsch

    petzsch New Member

    Got the Auth middleware working :)

    // Application middleware

    // e.g: $app->add(new \Slim\Csrf\Guard);
    use \Slim\Middleware\HttpBasicAuthentication\AuthenticatorInterface;

    ISPConfigAuthenticator implements AuthenticatorInterface
        public function 
    __invoke(array $arguments)
    $salt "$1$";
    $base64_alphabet 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
                for (
    $n 0$n 8$n++) {
    $salt .= $base64_alphabet [mt_rand(063)];
    $salt .= "$";

            if (
    $arguments ['user'] == NULL) return false;

    $http = \Httpful\Request::post("https://ISPCONFIG_URL/remote/json.php?login")->sendsJson()->body('
                "username": "API_USER",
                "password": "API_PASSWORD"
    $session $http->body->response;
    $http = \Httpful\Request::post("https://ISPCONFIG_URL/remote/json.php?client_get_by_username")->sendsJson()->body('
                "session_id": "' 
    $session '",
                "username": "' 
    $arguments ['user'] . '"
    $saved_password stripslashes($http->body->response->passwort);
            if (
    crypt(stripslashes($arguments ['password']), $saved_password) != $saved_password)
            else {
    $GLOBALS ['cid'] = $http->body->response->userid;

    //$app = new \Slim\App ();

    $app->add(new \Slim\Middleware\HttpBasicAuthentication ([
    "path" => "/domains/",
    "realm" => "Protected",
    "authenticator" => new ISPConfigAuthenticator ()
    A client_login function would be appreciated in the future for simple SSO :)
    till likes this.

Share This Page