Page 1 of 1
API Key Instead of User and Password
Posted: Sat Dec 06, 2014 7:35 pm
by emardotcom
Hello I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through post then your username and password?
If there is a key option I couldn't find it at
http://vestacp.com/docs/api/ could you point me in the right direction?
Regards
_
Stuart
Re: API Key Instead of User and Password
Posted: Sun Jan 17, 2016 12:01 am
by BBuchanan1013
emardotcom wrote:Hello I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through post then your username and password?
If there is a key option I couldn't find it at
http://vestacp.com/docs/api/ could you point me in the right direction?
Regards
_
Stuart
Just IMO, guessing one long key would be easier than guessing two different fields (username & password).
Re: API Key Instead of User and Password
Posted: Sun Jan 17, 2016 2:17 pm
by skurudo
Stuart, key more secure? Why? Users sometime can't remember password, how come some users can remember key? ;)
Re: API Key Instead of User and Password
Posted: Sun Jan 17, 2016 5:15 pm
by tjebbeke
As I can see in the code, this is already possible to use a KEY instead of user/password in the API.
Generate KEY:
v-generate-api-key
in api request use 'hash' parameter. example:
Code: Select all
<?php
// Server credentials
$vst_hostname = 'server.vestacp.com';
$vst_hash = 'somerandomstringhashcode';
$vst_returncode = 'yes';
$vst_command = 'v-add-user';
// New Account
$username = 'demo';
$password = 'd3m0p4ssw0rd';
$email = '[email protected]';
$package = 'default';
$fist_name = 'Rust';
$last_name = 'Cohle';
// Prepare POST query
$postvars = array(
'hash' => $vst_hash,
'returncode' => $vst_returncode,
'cmd' => $vst_command,
'arg1' => $username,
'arg2' => $password,
'arg3' => $email,
'arg4' => $package,
'arg5' => $fist_name,
'arg6' => $last_name
);
$postdata = http_build_query($postvars);
// Send POST query via cURL
$postdata = http_build_query($postvars);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://' . $vst_hostname . ':8083/api/');
curl_setopt($curl, CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
$answer = curl_exec($curl);
// Check result
if($answer == 0) {
echo "User account has been successfuly created\n";
} else {
echo "Query returned error code: " .$answer. "\n";
}
?>
Re: API Key Instead of User and Password
Posted: Fri Sep 23, 2016 12:43 pm
by skurudo
First steps to make good docs for all of us, guys! ;-)
API documentation and examples:
http://vestacp.com/docs/API.pdf
CLI commands list and descriptions:
http://vestacp.com/docs/CLI.txt