API Key Instead of User and Password
- Posts: 54
- Joined: Wed Dec 11, 2013 9:05 pm
API Key Instead of User and Password
Hello, I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through POST than your username and password?
If there is a key option, I couldn't find it at http://vestacp.com/docs/api/. Could you point me in the right direction?
Regards
_
Stuart
- Posts: 139
- Joined: Thu Jan 07, 2016 12:01 am
Re: API Key Instead of User and Password
emardotcom wrote:
> Hello, I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through POST than your username and password?
> If there is a key option, I couldn't find it at http://vestacp.com/docs/api/. Could you point me in the right direction?
> Regards
> _
> Stuart
Just IMO, guessing one long key would be easier than guessing two different fields (username & password).
Re: API Key Instead of User and Password
Stuart, key more secure? Why? Users sometimes can't remember a password; how come some users can remember a key? ;)
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Os: CentOS 6x
- Web: apache + nginx
Re: API Key Instead of User and Password
As I can see in the code, it is already possible to use a KEY instead of user/password in the API.
Generate KEY:
v-generate-api-key
In the API request, use the 'hash' parameter. Example:
Code:
<?php
// Server credentials
$vst_hostname = 'server.vestacp.com';
$vst_hash = 'somerandomstringhashcode'; // key generated with v-generate-api-key
$vst_returncode = 'yes';
$vst_command = 'v-add-user';

// New Account
$username = 'demo';
$password = 'd3m0p4ssw0rd';
$email = '[email protected]';
$package = 'default';
$first_name = 'Rust';
$last_name = 'Cohle';

// Prepare POST query
$postvars = array(
    'hash' => $vst_hash,
    'returncode' => $vst_returncode,
    'cmd' => $vst_command,
    'arg1' => $username,
    'arg2' => $password,
    'arg3' => $email,
    'arg4' => $package,
    'arg5' => $first_name,
    'arg6' => $last_name
);
$postdata = http_build_query($postvars);

// Send POST query via cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://' . $vst_hostname . ':8083/api/');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// Verify the server certificate so the key is only sent to the real host.
// For a self-signed certificate, set CURLOPT_CAINFO to its path rather
// than turning verification off.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
$answer = curl_exec($curl);

// Check result: curl_exec() returns false on a transport error, which a
// loose comparison with 0 would report as success
if ($answer === false) {
    echo "Request failed: " . curl_error($curl) . "\n";
} elseif (trim($answer) === '0') {
    echo "User account has been successfully created\n";
} else {
    echo "Query returned error code: " . $answer . "\n";
}
?>
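A key-based client that keeps the key out of the source file, as an added example that is not part of the original post or of VestaCP's own code. `load_api_key`, `vesta_api_call` and the key file path are hypothetical names; the `hash`, `returncode`, `cmd` and `argN` fields are the ones used in the post above.

```php
<?php
// Added example: hypothetical helpers, not VestaCP's own code.
// Read the key from a file only its owner can access (the path is an
// assumption), so it is not hard-coded or readable by other local users.
function load_api_key(string $path): string
{
    $perms = @fileperms($path);
    if ($perms === false) {
        throw new RuntimeException("Cannot stat key file: $path");
    }
    if (($perms & 0077) !== 0) {
        throw new RuntimeException("Key file is group/world accessible: $path");
    }
    $key = trim((string) file_get_contents($path));
    if ($key === '') {
        throw new RuntimeException("Key file is empty: $path");
    }
    return $key;
}

// Run one command through the API, authenticating with 'hash'.
// Returns the numeric return code (0 = success); throws on transport errors.
function vesta_api_call(string $host, string $key, string $cmd, array $args): int
{
    $post = ['hash' => $key, 'returncode' => 'yes', 'cmd' => $cmd];
    foreach (array_values($args) as $i => $value) {
        $post['arg' . ($i + 1)] = $value;   // arg1, arg2, ...
    }
    $curl = curl_init('https://' . $host . ':8083/api/');
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($post),
        CURLOPT_SSL_VERIFYPEER => true,     // never send the key unverified
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $answer = curl_exec($curl);
    if ($answer === false) {
        throw new RuntimeException('API request failed: ' . curl_error($curl));
    }
    $answer = trim($answer);
    if (!ctype_digit($answer)) {
        throw new RuntimeException('Unexpected API response');
    }
    return (int) $answer;
}

// Usage (constructed values): $key = load_api_key('/root/.vesta_api_key');
// $code = vesta_api_call('server.vestacp.com', $key, 'v-add-user', ['demo', 'd3m0p4ssw0rd']);
```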
Re: API Key Instead of User and Password
First steps to make good docs for all of us, guys! ;-)
API documentation and examples:
http://vestacp.com/docs/API.pdf
CLI commands list and descriptions:
http://vestacp.com/docs/CLI.txt