Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

All API calls return Unauthorized. #4

Closed
voice1 opened this issue Jul 19, 2020 · 2 comments
Closed

All API calls return Unauthorized. #4

voice1 opened this issue Jul 19, 2020 · 2 comments

Comments

@voice1
Copy link
Contributor

voice1 commented Jul 19, 2020

Been looking for a way to do API calls on pfsense. Specifically regarding Aliases, when I came across your package.
Unfortunately it seems that no matter what I do everything returns

 'code': 401,
 'return': 3,
 'message': 'Authentication failed'}```

I have tried creating a new user called API, tried changing to token auth, with no change.

Unfortunately, there is no documentation on how to really do an API call, but I was able to use your other issue to extract the URL format and found that basically the exposed API is found here https://github.com/jaredhendrickson13/pfsense-api/tree/master/pfSense-pkg-API/files/usr/local/www/api.

_I could help update some documentation if I could get it to connect_
@jaredhendrickson13
Copy link
Owner

jaredhendrickson13 commented Jul 20, 2020

My apologies for the lack of documentation, this API is still very much a work in progress and I unfortunately have less time to work on it than I had hoped. Any contributions to documentation would be very much appreciated.

By default, the API will use the same credentials as the pfSense webConfigurator. A client-id and client-token must be specified in your payload to authenticate the API call. Your client-id and client-token will differ depending on which auth mode you have set in the General > API settings page within the UI:

  • Local database is the default setting. This will allow you to authenticate using the same credentials as an existing UI user. Your client-id will be your UI username, and the client-token will be your UI password. For example, https://localhost/api/v1/users/?client-id=admin&client-token=pfsense
  • Base64 will also allow you to use an existing UI user, but the client-id and client-token parameters must be Base64 encoded in your payload. For example, https://localhost/api/v1/users/?client-id=YWRtaW4K&client-token=cGZzZW5zZQo
  • API Token will allow you to generate unique API tokens that will remain static. You can create an API token by setting the auth mode to API Token within the General > API settings page in the UI. You will need to save the changes, then a button to generate an API token will appear. You should get a dialogue containing the client-token (which will only be displayed once) and your client-id can be found in the API tokens table at the bottom of the page. For example, https://localhost/api/v1/users/?client-id=61646d696e&client-token=4ef51f460b78cc1ff0d6667b447b3031

Let me know if this allows you to authenticate.

@voice1
Copy link
Contributor Author

voice1 commented Jul 22, 2020

Thank you for the clarification, typically when one reads HTTP Basic auth, the process is performed using that protocol, and can be performed with curl's --username param.
Not sure how pfSense is performing it under the hood. Passing the URL parameters however does work, although this is probably not the most secure method, it does work. - Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants