SABnzbd Forums


https://237678.vipkidinterhk.tech/

API not working if login is deactivated

https://237678.vipkidinterhk.tech/viewtopic.php?t=26487

Page 1 of 1

API not working if login is deactivated

Posted: January 22nd, 2024, 5:32 am
by T3rr0rZw3rg
Hey Guys,

I deactivated the requirement to log into sabnzb by deleting user and password from the sabnzbd.ini file. However, after doing this, the arrs can not connect to sabnzbd any more using the API key. I assume, that the API key isn't required as soon the user and password is deactivated, but then this should be reflected in the API key, because it is still shown in the API.
However, I'd prefere to be able to set an API key, even if there is no user/password required, all the arrs won't work if no API & no user+password provieded.

Error Message in sabnzbd:
2024-01-22 11:33:23,052::WARNING::[interface:385] Refused connection with hostname "binhex-sabnzbd" from: 192.168.96.5 [Sonarr/4.0.1.929 (arch 1.0)]

Unfortunately I can not post the error message from Sonarr since I'm not allowed to post links (which are pathes of my network) as a new User.

Have a great day
Zw3rg

Re: API not working if login is deactivated

Posted: January 22nd, 2024, 6:11 am
by safihre
https://sabnzbd.org/wiki/extra/hostname-check.html
Will solve your problem!

Re: API not working if login is deactivated

Posted: January 22nd, 2024, 6:11 am
by sander
AFAIK that does not have to do with you GUI credentials begin empty or not.

Proof:

Empty GUI credentials:

Code: Select all

sander@brixit:~$ cat ~/.sabnzbd/sabnzbd.ini | grep -i -B1 passw | head -2
username = ""
password = ""
... and API just works:

Code: Select all

sander@brixit:~$ curl 'http://localhost:8080/sabnzbd/api?output=json&mode=queue&apikey=5f1ab89378cd4b0caccdf3a0f5e93026'
{"queue":{"version":"4.2.2Beta1","paused":false,"pause_int":"0","paused_all":false,"diskspace1":"57.82","diskspace2":"69.15","diskspace1_norm":"57.8 G","diskspace2_norm":"69.1 G","diskspacetotal1":"108.98","diskspacetotal2":"4657.40","speedlimit":"100","speedlimit_abs":"104857600","have_warnings":"2","finishaction":null,"quota":"0 ","have_quota":false,"left_quota":"0 ","cache_art":"0","cache_size":"0 B","kbpersec":"0.00","speed":"0 ","mbleft":"0.00","mb":"0.00","sizeleft":"0 B","size":"0 B","noofslots_total":0,"noofslots":0,"start":0,"limit":0,"finish":0,"status":"Idle","timeleft":"0:00:00","slots":[]}}

Re: API not working if login is deactivated

Posted: January 22nd, 2024, 6:37 am
by T3rr0rZw3rg
safihre wrote: January 22nd, 2024, 6:11 am (not allowed to repost your link)
Will solve your problem!
indeed, I just don't understand why it's working if login is enabled but doesn't work when login is disable. But I'll take it!

Re: API not working if login is deactivated

Posted: January 22nd, 2024, 7:09 am
by safihre
If a username and password is enabled, the stealing technique explained in the link can't be used to steal the API key.

Re: API not working if login is deactivated

Posted: July 8th, 2024, 12:12 pm
by MikeDeez
I found that the entering values into Settings -> Special -> host_whitelist corrected the Authelia induced issue when LunaSea (and other 3'rd party apps) are used.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited