mirror of https://github.com/pikvm/pikvm.git
API
Authorization
All API endpoints require authorization. To make requests, you either need to authorize each request individually, or get a token and pass it as a cookie with each request.
Single request auth
There are two options here:
- Using X-headers. Just pass X-KVMD-User and X-KVMD-Passwd with the request:

    $ curl -k -H X-KVMD-User:admin -H X-KVMD-Passwd:admin https://pikvm/api/auth/check

- Using HTTP Basic Auth. Please note: contrary to the standard, this method DOES NOT use the WWW-Authenticate header. HTTP Basic Auth in this implementation is intended only for compatibility with other systems, such as Prometheus.

    $ curl -k --user admin:admin https://pikvm/api/auth/check
Session-based (token) auth
- Authorize and get a token for the user using POST /api/auth/login:

    $ curl -k -vv -X POST --data user=admin --data passwd=admin https://pikvm/api/auth/login
    ...
    < Set-Cookie: auth_token=796cb83b11de4fcb749bc1bad14a91fb06dede84672b2f847fef1e988e6900de; Path=/
    ...

  On success, the cookie auth_token will be received with 200 OK. On invalid user or password you will get 403 Forbidden.
- The handle GET /api/auth/check can be used to check the auth status. If the user is logged in, you will see 200 OK. If the token or any of the single-request auth methods are missing, 401 Unauthorized will be returned. On incorrect credentials or token, 403 Forbidden will be returned.
- The handle POST /api/auth/logout can be used to invalidate the session token. The response codes will be similar to the previous handle.
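
The login, check and logout steps above as one small client. This is an added example, not code from the PiKVM project: `KvmdSession`, `extract_token` and the `send` hook are hypothetical names, and the status meanings are the ones listed above.

```python
from http.cookies import SimpleCookie
from urllib import error, parse, request

# Status meanings exactly as the page documents them.
MEANING = {200: "ok", 401: "no credentials or token sent",
           403: "bad credentials or token"}

def extract_token(set_cookie):
    """Return the auth_token value from a Set-Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(set_cookie or "")
    return jar["auth_token"].value if "auth_token" in jar else None

class KvmdSession:  # hypothetical helper, not part of KVMD
    def __init__(self, base_url, send=None):
        self.base_url = base_url.rstrip("/")
        self.token = None
        self._send = send or self._http_send  # injectable for offline tests

    @staticmethod
    def _http_send(req):
        # urlopen verifies the TLS certificate (there is no curl -k here).
        try:
            with request.urlopen(req, timeout=10) as resp:
                return resp.status, resp.headers.get("Set-Cookie")
        except error.HTTPError as exc:  # 401/403 arrive as exceptions
            return exc.code, None

    def _call(self, method, path, form=None):
        body = parse.urlencode(form).encode() if form else None
        req = request.Request(self.base_url + path, data=body, method=method)
        if self.token:  # session token travels as a cookie on every request
            req.add_header("Cookie", "auth_token=" + self.token)
        return self._send(req)

    def login(self, user, passwd):
        status, set_cookie = self._call("POST", "/api/auth/login",
                                        {"user": user, "passwd": passwd})
        self.token = extract_token(set_cookie) if status == 200 else None
        return MEANING.get(status, "unexpected status %d" % status)

    def check(self):
        status, _ = self._call("GET", "/api/auth/check")
        return MEANING.get(status, "unexpected status %d" % status)

    def logout(self):
        status, _ = self._call("POST", "/api/auth/logout")
        self.token = None  # drop the local copy whatever the server answered
        return MEANING.get(status, "unexpected status %d" % status)
```

Against a real device, construct it as `KvmdSession("https://pikvm")` and call `login()`, `check()` and `logout()` in turn; the `send` argument exists only so the flow can be exercised without a network.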