How bypass authentication for Protect API?

Question

How bypass authentication for Protect API?

kennethgomez01 opened this issue a year ago · 8 comments

I was wondering how would I call URL an api directly from Action, while protecting the api links by enabling "Protect API" from Local Server menu? I was trying to start an rtmp-view by calling the api url, while calling "http://user:pass@localhost:8090/?q.json?cmd=start-rtmp-view&ident=indent&ind=0" , or using the BASIC Auth header but it all causing an error from the log.

Answer 1 · 2023-10-27T10:22:13.000Z

what are you putting in the header field and what error are you getting in the logs at /logs.html?

Answer 2 · 2023-10-27T10:32:44.000Z

I just put the value for Basic Auth Header value that I got from the ispy official website after filling up my username and password (Admin account on my local ispy server) to generate these values, and placed this value in the Authorization Header field as format "BASIC value"

`

AM	Process: {"error":"Uncheck Protect API in server settings - local server or provide Basic Authentication using an admin user account."}

`

ProcessAlertEvent: Cannot access a disposed object. Object name: 'System.Net.HttpWebResponse'. at System.Net.HttpWebResponse.CheckDisposed() at System.Net.HttpWebResponse.get_StatusCode() at CoreLogic.Objects.Helpers.AlertProcessor.ProcessAlertEvent(IAgentControl io, IAgentControl source, objectsActionsEntry ev, String message, String tags, String aijson, String filename, String zoneList)

Answer 3 · 2023-10-27T12:09:56.000Z

ah looks like it's case sensitive, so should be
Basic YOURAUTH
will make it not case sensitive

Answer 4 · 2023-10-27T12:30:13.000Z

I tried changing it to Basic MyAuth, and the problem still occured

Answer 5 · 2023-10-27T12:32:25.000Z

I just want to protect the API from unauthorize users, while I can still access it freely.

Answer 6 · 2023-10-27T13:09:03.000Z

working here -

logs:
Camera 1: ProcessAlertEvent: Processing URL (http://localhost:8090/command.cgi?cmd=getStatus)
ProcessAlertEvent: Response Code: OK

Answer 7 · 2023-10-27T13:17:49.000Z

http://user:pass@localhost:8090/?q.json?cmd=start-rtmp-view&ident=indent&ind=0
.. isn't a valid URL should be

http://localhost:8090/q.json?cmd=start-rtmp-view&ident=ident&ind=0

you have an extra ? in there

Answer 8 · 2023-10-27T13:42:07.000Z

@ispysoftware Thanks ,I think the removing the extra punctuation and adding slash on the url makes it works.