Unable to get past login page when sending API GET request on Postman

phpipam / phpipam

phpipam development repository

https://phpipam.net

2.23k stars 733 forks source link

Unable to get past login page when sending API GET request on Postman #3347

Open nadiyamunirah opened 3 years ago

nadiyamunirah commented 3 years ago

I am trying to send a GET request via Postman to obtain a list of subnets from phpIPAM. However, it does not allow me to get past the login page. I am using my API Key to get authorization.

Response: 2021-06-11 15_42_47-Window

does the "X-XSS-Protection: 1; mode=block" prevent me from getting my request through past the login page?

GaryAllan commented 3 years ago

Hello,

See the API docs

https://phpipam.net/api/

https://phpipam.net/api/api_curl_example/

nadiyamunirah commented 3 years ago

Hi,

I have included the token in my cURL header, yet it does not work. I am still not able to get past the login page.

GaryAllan commented 3 years ago

Hello @nadiyamunirah

The login page isn't used for API requests.

Assuming you have created an API called "my_app" under the Administration->API menu.

The API URL is https://<your site>/api/my_app/subnets/ NOT https://<yoursite>/index.php?page=subnets&section=1&subnetId=26//api/my_app/subnets/

nadiyamunirah commented 3 years ago

Hi is there a way to get the API file directories without the admin account? I simply want to extract information.