7.8. API

The API script is executed for each SOAP API call, to verify the authentication credentials and enforce permissions. All communication to the system goes through the API; even the (jailed) web interface and console/terminal interface. This script can be used to grant limited permissions for external services such as the end-user interface, but also to implement external authentication (such as LDAP) for access to the local system.

7.8.1. Pre-defined variables

These are the read-only pre-defined variables available each time a SOAP function is called.

Variable Type Example Description
$clientip string “192.168.1.12” The IP address of the client
$username string “loginuser” Username
$password string “secret” Password
$service string “webui” Eg. “ssh”, “ftp”...
$soapcall string “configKeySet” The SOAP function that is executed
$soapargs array [] The SOAP function arguments (not always available)

7.8.2. Functions

api.Authenticate([options])

Authorizes the API call.

Parameters:options (array) – options array
Returns:doesn’t return, script is terminated

The following options are available in the options array.

  • fullname (string) Corresponds to the “Full Name” property of configuration users. The default is $username.
  • accesslevel (string) The access level string, such as “r” for read-only. The default is no accesslevel restrictions.
api.Deny([message])

Denies the API call.

Parameters:message (string) – reason for denying. The default is Unauthorized.
Returns:doesn’t return, script is terminated

7.8.3. On script error

On script error Deny() is called.

7.8.4. On implicit termination

If not explicitly terminated then Deny() is called.