Hi, I tried to get an API token for an openhab integration with the command:
curl --location --request POST 'https://ovms.dexters-web.de:6869/api/token?username=MYUSER&password=MYPASSWORD'
I get only
Authentication failed.
But username and password are correct. What am I doing wrong?
Thanks a lot for your help!
Hi, I found that I had to use a backslash before the & like this:
curl --location --request POST 'https://ovms.dexters-web.de:6869/api/token\?username=MYUSER\&password=MYPASSWORD'
Assuming you are using the linux / osx command line, you will need to 'escape' the & and ? characters if you use the double quote marks around the URL. Using single quote marks should avoid having to do that (so long as neither your username nor password have single quote marks in them).
You can add the '-v' flag to curl to show the details of request sent, and response received.
My server still runs the old (V2) OVMS server code, haven't had the time to do the upgrade yet.
So token auth isn't supported yet, only cookie auth.
Sorry for the inconvenience.
Regards,
Michael
Thanks a lot and you don't have to apologize!!.
That explains the problems. I am now trying to implement cookie auth with the exec binding in openHAB with curl. Not so convenient, but it starts to work.
based in HK to dexters in Germany...and after hours of struggling with api token... I found this topic:)
I too was expecting the /api/token endpoint to work, and only found this after searching.
Might be worth adding to the dexters-web FAQ?
Exactly the same for me actually.
I'll see if I can prioritize the token support.
HTTP token auth should now work, please test & report results.
Regards,
Michael
Thanks Michael!
I just tested this OK using the methods outlined in the and the OVMS Requests and Authentication token maintenance docs and on Jaimyn Mayer's blog post, for example:
generate a token (response in italics): curl -X POST -F 'application=curl' -F 'purpose=testing' https://ovms.dexters-web.de:6869/api/token?username=<USERNAME>\&password=<PASSWORD> {"application":"curl","owner":"<USERNAME>","permit":"auth","purpose":"testing","token":"<TOKEN>"} get list of tokens (response in italics): curl -X GET https://ovms.dexters-web.de:6869/api/token?username=<USERNAME>\&password=<TOKEN> [{"application":"curl","created":"2023-06-20 10:43:10","lastused":"2023-06-20 10:43:10","owner":"<USERNAME>","permit":"auth","purpose":"testing","refreshed":"2023-06-20 10:43:10","token":"<TOKEN>"}] delete a token (response in italics): curl -X DELETE https://ovms.dexters-web.de:6869/api/token/<TOKEN>?username=<USERNAME>\&password=<TOKEN> {"owner":"<USERNAME>","token":"<TOKEN>"}One question...the OVMS documentation states that if the POST form includes 'permit=<permit>' then this field "...defines the list of rights granted to the user of this token...". When I issue the POST request with no permit field, I get a token returned with "permit":"auth" (as expected by looking at the source code). Q. Are the possible values of the 'permit' field documented anywhere or are API permissions not implemented? Reason I ask is that if there is way to create tokens with limited API permissions (for example, only allow access to /api/status or /api/charge, but not /api/location).
In any case, many thanks again for adding the token feature to dexters-web OVMS server. :-)