Reply
New Member
Posts: 6
Registered: ‎03-23-2016

AC2 REST API how to use csrfToken?

Hi,

I'm using AC2 REST API.

I can succesfully login using POST (url /login).

The answer is different from the SWAGGER UI documentation (it returns some fields more).

But anyway, I can get the csrfToken.

 

How can I pass this token to the next calls in order to authenticat every call?

 

Do I have to pass as a parameter on GETS? (i.e. https://ac2_server:9082/devices?csrfToken=2de09cb52c5d9aab729e155336167e03)

 

Does anybody can show me a sample call?

 

Thank you.

Massimo

New Member
Posts: 6
Registered: ‎03-23-2016

Re: AC2 REST API how to use csrfToken?

Please @UBNT-PauliusG or @UBNT-Karolis can you help me?

 

Massimo

New Member
Posts: 8
Registered: ‎10-26-2013
Kudos: 1

Re: AC2 REST API how to use csrfToken?

I too would like to know how to use the returned csrfToken when placing future http calls to the API.  Please help!

Ubiquiti Employee
Posts: 766
Registered: ‎05-28-2012
Kudos: 391
Solutions: 79

Re: AC2 REST API how to use csrfToken?

You don't need to deal with token if using API, I guess the issue is that you logged in using Web UI login form instead of using API call. You should do a login with direct API call.

New Member
Posts: 6
Registered: ‎03-23-2016

Re: AC2 REST API how to use csrfToken?


@UBNT-Karolis wrote:

You don't need to deal with token if using API, I guess the issue is that you logged in using Web UI login form instead of using API call. You should do a login with direct API call.


@UBNT-Karolis in fact I did a login using direct POST to /api/v1/login and it was successfull.

How can I do next calls without passing any token?

Any call will return 401 Unauthorized...

 

I managed to do other calls by passing the Cookie returned by Login call (header Set-Cookie). Is it the right way?

 

Massimo

Highlighted
Ubiquiti Employee
Posts: 766
Registered: ‎05-28-2012
Kudos: 391
Solutions: 79

Re: AC2 REST API how to use csrfToken?

Hi @mfontanive,

 

so the first thing is you make sure to logout using Web Client. I guess the problem here is that you are already logged in and doing it again with API just do nothing. Next open swagger documentation and do login using it's UI, next try fetching a a device list. Just tried and it worked fine.

Reply