moloch-- / RootTheBox

A Game of Hackers (CTF Scoreboard & Game Manager)
http://root-the-box.com/
Apache License 2.0

API... #564

Closed PJNorrisS1 closed 1 year ago

PJNorrisS1 commented 1 year ago

Any plans to have some form of API for RTB? Things like API to reset game, start/stop a game and start/stop registration?

eljeffeg commented 1 year ago

Haven't had any requests for it. Would have to create a mechanism for API authentication. But currently, it's just a post request with an authenticated admin account.

PJNorrisS1 commented 1 year ago

Ok. Thanks.

PJNorrisS1 commented 1 year ago

Just revising this - what URL would I use in the -X POST event to start/stop the game and suspend/open registration as a quick fix?

It would be good to have it as a CLI option for rootthebox.py: --startgame / --stopgame / --openreg / --closereg

thanks

PJNorrisS1 commented 1 year ago

Ok, after a LOT of experimenting and looking at the py script, determined that we have to extract the xsrf from an authenticated cookie and pass that to the URL /admin/game along with the other parameters:

curl --location 'https://<<URL>>/admin/game' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: _xsrf=2|7016a914|347b747ec469521d78705fc9fc81c091xxxxxxxxxx; session_id=2|1:0|10:1687375795|10:session_id|44:Y2I5OGQ0NWY3MmUwMjlhNDliMTQxOTBiZGQ4YWRiNDI=|99cb97fa0a92edcf5574c5a5b7c27bf3e387d187e7c1xxxxxxxxx' \
--data-urlencode 'start_game=true' \
--data-urlencode '_xsrf=2|7016a914|347b747ec469521d78705fc9fc81cxxxxxxxx4' \
--data-urlencode 'suspend_registration=false' \
--data-urlencode 'countdown_timer=false'

Not something that can be really re-used in a script. Have you any other suggestions on how we can start/stop a game and open/close registration?

Thanks

eljeffeg commented 1 year ago

Not sure the command line option would work as it would be a separate instance. You'd have to communicate with the running process. API makes sense... just a bit of work to set up the management of API keys unless we just create a setting in the rootthebox.cfg api_keys = [] and let you define your own.

PJNorrisS1 commented 1 year ago

Yes that would work I guess - that's easy to implement my end. For now we are using the method listed above - not ideal, but it kinda works 80% of the time

eljeffeg commented 1 year ago

Ok, pushed a change for api. Give this a test. Add a config option like this under Server... api_keys = ['f69dede4-e2d9-4c7d-ab6f-7c0829062bc6']

Then run your action. curl -H "apikey: f69dede4-e2d9-4c7d-ab6f-7c0829062bc6" -d "start_game=true" http://localhost:8888/api/actions

These actions mirror the admin actions... start_game (or stop_game), suspend_registration, hide_scoreboard (or show_scoreboard), countdown_timer, stop_timer (or start_timer)

start_game=false is the same as stop_game=true. I just provided alternate uses to make things easy.

Note: the admin_ips list also applies to the api. So if you have admin ips defined, the request must come from one of those ips in addition to having an api_key.
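A small client for the /api/actions endpoint described in the comment above, as an added example (not code from the RootTheBox project or from this thread). It assumes only what the thread states: a POST to /api/actions, the key in an `apikey` header, form-encoded action fields with the values true/false, and the list of action names given above. The base URL, the environment variable names and the API key are placeholders; the server's exact response codes for a rejected key or a source IP outside admin_ips are not stated on the page and are not assumed here.

```python
"""Minimal RootTheBox /api/actions client (added example, not project code)."""
import os
import urllib.error
import urllib.parse
import urllib.request

# Action names listed in the thread; anything else is rejected client-side
# so a typo in a script cannot silently turn into a no-op request.
VALID_ACTIONS = {
    "start_game", "stop_game",
    "suspend_registration",
    "hide_scoreboard", "show_scoreboard",
    "countdown_timer",
    "start_timer", "stop_timer",
}


def encode_actions(actions: dict) -> str:
    """Validate action names and form-encode them as the curl example does.

    Booleans become the strings 'true' / 'false'; field order is preserved.
    """
    if not actions:
        raise ValueError("no actions given")
    unknown = set(actions) - VALID_ACTIONS
    if unknown:
        raise ValueError(f"unknown action(s): {sorted(unknown)}")
    return urllib.parse.urlencode(
        {name: "true" if value else "false" for name, value in actions.items()}
    )


def build_request(base_url: str, api_key: str, actions: dict) -> urllib.request.Request:
    """Build the POST; the key travels only in the apikey header, never in the URL."""
    if not api_key:
        raise ValueError("api key must not be empty")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/actions",
        data=encode_actions(actions).encode(),
        headers={
            "apikey": api_key,
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def run_actions(base_url: str, api_key: str, timeout: float = 10, **actions):
    """Send the request and return (status, body).

    HTTP errors are returned rather than raised so a scheduler can log the
    status (for example a rejected key or a source IP outside admin_ips)
    and decide for itself whether to retry.
    """
    req = build_request(base_url, api_key, actions)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


if __name__ == "__main__":
    # Placeholder variable names: keep the key out of argv and shell history.
    key = os.environ["RTB_API_KEY"]
    base = os.environ.get("RTB_URL", "http://localhost:8888")
    print(run_actions(base, key, start_game=True))
    print(run_actions(base, key, suspend_registration=False))
```

Because the key is a bearer secret, the script reads it from the environment rather than a command-line flag, and it refuses unknown action names before anything goes on the wire.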

PJNorrisS1 commented 1 year ago

THANK YOU! That worked perfectly and have implemented it in to our environments. Thank you again!

PJNorrisS1 commented 1 year ago

I know this might be a bit cheeky, wondering if it was straightforward to add to your existing API infrastructure...

As mentioned previously, we have corporations which are our games. You kindly wrote the 'lock' feature for the corporations. Using the cookie method, we are able to lock and unlock the game states from a post; but it would be far quicker for the response to have the following two functions added to the API:

Thoughts? Thank you

eljeffeg commented 1 year ago

Should be doable - I'm on vacation so it will be a week before I can properly look at it.