new API command

Want something added? Ask for it here.
Post Reply
dogzipp
Newbie
Newbie
Posts: 49
Joined: April 3rd, 2012, 5:27 pm

new API command

Post by dogzipp »

This should be simple to add in the current beta cycle, so it could make it into 7.0

Is there any way to add command to the API to check what type of API key I am sending? (full or add-nzb).

I am trying to validate right now what type of key the users enters, depending on this key I know I can give them UploadNZB functionality, and if they use the full key I can give them Queue functionality as well.

But there's no easy way to check. Trying to use the add-nzb key with Queue commands, just returns an invalid API key... but I have no way in knowing if it's an invalid API, or if I am just using one with not enough permissions.

So either a command to check the type of API key being used, or a better working of the error "invalid API key", in case the API is correct, but it just doesn't have enough permissions. (like "invalid API type").

Another one, and a little more complicated. Hoefully at some point the API can run on a separate port, so I don't have to open up access to the webpage (with or without password). Or maybe to be able to use a list of IPs, where incoming connections are accepted from.

Thanks and keep up the good work. I ditched nzbget alltogether, and I am happily running 0.7 on my DroboFS now.
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: new API command

Post by shypike »

dogzipp wrote:This should be simple to add in the current beta cycle, so it could make it into 7.0
This API function is already available.
The "auth" call takes an optional "key" parameter and will return either "apikey" or '"nzbkey".

However, there's a bit of a problem with "auth".
If you have a username/password set, this will override the keys and return "login".
This is incorrect, because the API calls always use either of the keys, unless the key feature is disabled,
in which case the username/password is checked instead.
I'll correct that in Beta3.
Also it will now return 'apikey' when you send a bad key. I'll make that return 'badkey' instead.

There won't be an extra port. The fact that we need any port is already hard enough.
It's also not needed, you never need more than the API-key or NZB-key to get access.
Even when a username/password has been set.

Example:

Code: Select all

curl http://localhost:8080/sabnzbd/api -F key=MYKEY -F mode=auth -F output=json
dogzipp
Newbie
Newbie
Posts: 49
Joined: April 3rd, 2012, 5:27 pm

Re: new API command

Post by dogzipp »

Thanks for your replies and the hard work.
Caffeine
Newbie
Newbie
Posts: 16
Joined: May 13th, 2011, 12:40 pm

Re: new API command

Post by Caffeine »

shypike wrote: This API function is already available.
The "auth" call takes an optional "key" parameter and will return either "apikey" or '"nzbkey".
Hi,

I'm the developer of the SABdrop Chrome extension and I was wondering if the "auth" method is broken, possibly through the change mentioned above?
Before SABnzbd 0.7.x the "key" attribute was not required and SABnzbd always returned either "none", "apikey" or "login". But now I got reports from users of my extension that the connection verification is broken even though all credentials are correct.

It seems that in SABnzbd 0.7.x when API key authentication is enabled SABnzbd will always return "badkey" if no "key" attribute is passed to "auth". What I would expect is that SABnzbd behaves like >= 0.6 when no "key" attribute is specified, either returning "none", "apikey" or "login". How would I check what authentication method the SABnzbd instance provides if I don't have an API key yet?

Also this new behaviour is not documented in the API documentation.
Would be great for me and other extension developers if you could keep this documentation up to date and don't introduce too much backwards incompatible changes to the API.

Many thanks!
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: new API command

Post by shypike »

If you don't supply a key, then you'll get "badkey".
This tells you that you need one.
What changed is that there's now also an "nzb-key", which gives limited access.
The "auth" function tells which kind of key you got.
What are you using "auth" for?

The API info on the Wiki is out of date and we're working on a replacement.

BTW: it is possible to restore the old behaviour when no key is given.
Not sure if that will help, all other 0.7.x have the behaviour.
That's since about six months.
Caffeine
Newbie
Newbie
Posts: 16
Joined: May 13th, 2011, 12:40 pm

Re: new API command

Post by Caffeine »

shypike wrote:If you don't supply a key, then you'll get "badkey".
This tells you that you need one.
What changed is that there's now also an "nzb-key", which gives limited access.
The "auth" function tells which kind of key you got.
What are you using "auth" for?
Well, I thought the "auth" method is for finding out which authentication methods a SABnzbd instance supports. Previously it was possible to query that information without the need for an API key. So I was able to find out if username/password or API key authentication is required.
Post Reply