We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
API Key Instead of User and Password
-
- Posts: 54
- Joined: Wed Dec 11, 2013 9:05 pm
API Key Instead of User and Password
Hello I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through post then your username and password?
If there is a key option I couldn't find it at http://vestacp.com/docs/api/ could you point me in the right direction?
Regards
_
Stuart
If there is a key option I couldn't find it at http://vestacp.com/docs/api/ could you point me in the right direction?
Regards
_
Stuart
-
- Posts: 139
- Joined: Thu Jan 07, 2016 12:01 am
Re: API Key Instead of User and Password
Just IMO, guessing one long key would be easier than guessing two different fields (username & password).emardotcom wrote:Hello I was wondering why Vesta doesn't use a Key for login instead of username and password. Isn't it more secure to pass a key through post then your username and password?
If there is a key option I couldn't find it at http://vestacp.com/docs/api/ could you point me in the right direction?
Regards
_
Stuart
Re: API Key Instead of User and Password
Stuart, key more secure? Why? Users sometime can't remember password, how come some users can remember key? ;)
-
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: API Key Instead of User and Password
As I can see in the code, this is already possible to use a KEY instead of user/password in the API.
Generate KEY:
v-generate-api-key
in api request use 'hash' parameter. example:
Generate KEY:
v-generate-api-key
in api request use 'hash' parameter. example:
Code: Select all
<?php
// Server credentials
$vst_hostname = 'server.vestacp.com';
$vst_hash = 'somerandomstringhashcode';
$vst_returncode = 'yes';
$vst_command = 'v-add-user';
// New Account
$username = 'demo';
$password = 'd3m0p4ssw0rd';
$email = '[email protected]';
$package = 'default';
$fist_name = 'Rust';
$last_name = 'Cohle';
// Prepare POST query
$postvars = array(
'hash' => $vst_hash,
'returncode' => $vst_returncode,
'cmd' => $vst_command,
'arg1' => $username,
'arg2' => $password,
'arg3' => $email,
'arg4' => $package,
'arg5' => $fist_name,
'arg6' => $last_name
);
$postdata = http_build_query($postvars);
// Send POST query via cURL
$postdata = http_build_query($postvars);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://' . $vst_hostname . ':8083/api/');
curl_setopt($curl, CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
$answer = curl_exec($curl);
// Check result
if($answer == 0) {
echo "User account has been successfuly created\n";
} else {
echo "Query returned error code: " .$answer. "\n";
}
?>
Re: API Key Instead of User and Password
First steps to make good docs for all of us, guys! ;-)
API documentation and examples:
http://vestacp.com/docs/API.pdf
CLI commands list and descriptions:
http://vestacp.com/docs/CLI.txt
API documentation and examples:
http://vestacp.com/docs/API.pdf
CLI commands list and descriptions:
http://vestacp.com/docs/CLI.txt