API access without token is possible

Question

API access without token is possible

Closed this issue 8 years ago · 1 comments

In the README file it says

-t, --token string Token for API Access (default "secret")

but when I launch shaman with shaman -s -H 0.0.0.0:1632 -O 0.0.0.0:53 -i then I can query the API with curl using curl http://192.168.56.3:1632/records without having to specify a X-AUTH-TOKEN header. Personally I find this reasonable, but the documentation does not describe this behavior, I think.

Answer 1 · 2017-05-17T22:56:55.000Z

You are correct, the documentation doesn't specify it, but when you pass -i the server not only listens on http, but doesn't do any auth token verification. I'll update the documentation to reflect