Problem with permissions for showbw API call

Comments

  • cPRex Jurassic Moderator

    Hey there! I set up a test environment to perform this work and I wasn't able to reproduce the issue. I did make sure to only include the "Initial Privileges" and "Account Information" boxes in the token so it was properly limited.

    I used the curl option for simpler testing than using it inside a script of some sort, with this code:

    curl -H 'Authorization: whm root:TOKENGOESHERE' 'https://host.domain.com:2087/json-api/showbw?api.version=1'

    and got the following result I expected:

    {"data":{"reseller":"root","acct":[{"owner":"root","totalbytes":619359201,"bwlimited":0,"bwusage":[{"deleted":0,"usage":"618748202","domain":"domain.com"}],"deleted":0,"limit":"unlimited","reseller":0,"user":"username","maindomain":"domain.com"},{"bwusage":[{"domain":"domain.com","deleted":0,"usage":"1200463337"}],"deleted":0,"totalbytes":1200463337,"owner":"root","bwlimited":0,"limit":"unlimited","user":"username","maindomain":"domain.com","reseller":0},{"limit":"unlimited","reseller":0,"maindomain":"domain.com","user":"username","bwlimited":0,"owner":"root","totalbytes":10822414,"bwusage":[{"domain":"domain.com","usage":0,"deleted":1},{"usage":"10260646","deleted":0,"domain":"domain.com"},{"deleted":1,"usage":"184916","domain":"addonapi.domain.com"},{"deleted":0,"usage":0,"domain":"randomaddontest.com"},{"usage":"198651","deleted":0,"domain":"randomaddontest.com.domain.com"}],"deleted":0}],"totalused":"1830644952","month":2,"year":2024},"metadata":{"reason":"OK","command":"showbw","result":1,"version":1}}[root@10-2-35-26 ~]# 

    If you'd like to create a ticket we could do some more testing directly in your environment to see if we could reproduce this on your machine.

    0
  • Patrick Mallison

    Thanks for taking the time to try and recreate the problem. I am using a PHP script but took your advice to keep it simple with curl, but still got an empty result:

    {"data":{"totalused":0,"acct":[],"reseller":"root","year":2024,"month":2},"metadata":{"version":1,"result":1,"reason":"OK","command":"showbw"}

    However, seeing that result on the command line rather than buried in my script, the word 'reseller' jumped out at me.   I realised that all the accounts in my servers are owned by reseller accounts rather than root.  I changed the ownership of some accounts and the API worked.

    Not sure I agree with the logic that prevents a root account getting to this data, but luckily I'm able to log in to the API with each of the reseller accounts so I can achieve my objective with the API.

    Many thanks for your help.

    0
  • cPRex Jurassic Moderator

    I'm glad I could help point you in the right direction, at least!  Are you saying the call did not work on an account owned by a reseller?

    0
  • Patrick Mallison

    That's right, not when the call is made with a root-owned token.   It does work with a token generated by the reseller though.

    0
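The thread's workaround (one showbw call per reseller token, because the root-owned token returned `"result":1` with an empty `acct` list) can be scripted so that the silent-empty reply is flagged instead of being read as zero usage. This is an added example, not code from the posters or from cPanel; the function names, token labels and sample replies are constructed, modelled on the JSON fields shown in the thread.

```python
import json

def parse_showbw(raw):
    """Return (reseller, {user: totalbytes}) from one showbw api.version=1 reply."""
    doc = json.loads(raw)
    meta = doc.get("metadata", {})
    if meta.get("result") != 1:
        raise ValueError(f"showbw failed: {meta.get('reason')}")
    data = doc["data"]
    usage = {}
    for acct in data.get("acct", []):
        # totalbytes is numeric in the thread's output; int() also accepts a string
        usage[acct["user"]] = usage.get(acct["user"], 0) + int(acct["totalbytes"])
    return data.get("reseller"), usage

def merge_showbw(replies):
    """Merge replies keyed by token label; list labels whose reply was OK but empty."""
    merged, empty = {}, []
    for label, raw in replies.items():
        _reseller, usage = parse_showbw(raw)
        if not usage:
            empty.append(label)  # success code, no accounts: check the token's scope
        for user, total in usage.items():
            # an account visible through two tokens is counted once, not summed
            merged[user] = max(merged.get(user, 0), total)
    return merged, sorted(empty)

# Constructed sample replies (hypothetical labels, users and resellers).
SAMPLE_REPLIES = {
    "root-token": '{"data":{"totalused":0,"acct":[],"reseller":"root","year":2024,'
                  '"month":2},"metadata":{"version":1,"result":1,"reason":"OK",'
                  '"command":"showbw"}}',
    "reseller1-token": '{"data":{"reseller":"reseller1","acct":['
                       '{"owner":"reseller1","user":"alice","totalbytes":619359201},'
                       '{"owner":"reseller1","user":"bob","totalbytes":1200463337}]},'
                       '"metadata":{"result":1,"reason":"OK","command":"showbw"}}',
    "reseller2-token": '{"data":{"reseller":"reseller2","acct":['
                       '{"owner":"reseller2","user":"carol","totalbytes":"10822414"}]},'
                       '"metadata":{"result":1,"reason":"OK","command":"showbw"}}',
}

if __name__ == "__main__":
    totals, empty_tokens = merge_showbw(SAMPLE_REPLIES)
    print("per-account bytes:", totals)
    print("tokens with OK but empty reply:", empty_tokens)
```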
