Page 1 of 1
identify 1.32 vs 1.30 for API Login
Posted: Mon Apr 29, 2019 2:21 pm
by MartinGoodwell
Hi all,
it's great to see 1.32 and its many improvements happening. Thanks for all your efforts, everyone!
I'm working on integrating the ZoneMinder API to my smart home OSS project of choice (fhem.de) by providing a ZoneMinder integration module for triggering and receiving events between fhem and ZM.
Now, with 1.32 being available, I need to handle two different ways of authenticating to the ZM-API.
(login.php for 1.30 and earlier, login.json for newer versions).
The thing is, before being authenticated, I have no way of finding out, how I need to authenticate, because '/api/host/getVersion.json' already needs authentication.
Is there a way to find out which version of ZM is running, if the user only provides a URL?
Thanks!
Martin
Re: identify 1.32 vs 1.30 for API Login
Posted: Mon Apr 29, 2019 5:13 pm
by rockedge
Yes there is Martin!
try using
http://the-ZM-server-ip/zm/api/host/getVersion.json
more detail from the docs :
Code: Select all
A deeper dive into the login process
As you might have seen above, there are two ways to login, one that uses the login.json API and the other that logs in using the ZM portal. If you are running ZoneMinder 1.32.0 and above, it is strongly recommended you use the login.json approach. The “old” approach will still work but is not as powerful as the API based login. Here are the reasons why:
The “old” approach basically uses the same login webpage (index.php) that a user would log into when viewing the ZM console. This is not really using an API and more importantly, if you have additional components like reCAPTCHA enabled, this will not work. Using the API approach is much cleaner and will work irrespective of reCAPTCHA
The new login API returns important information that you can use to stream videos as well, right after login. Consider for example, a typical response to the login API (/login.json):
{
"credentials": "auth=f5b9cf48693fe8552503c8ABCD5",
"append_password": 0,
"version": "1.31.44",
"apiversion": "1.0"
}
In this example I have OPT_AUTH enabled in ZoneMinder and it returns my credential key. You can then use this key to stream images like so:
<img src="https://server/zm/cgi-bin/nph-zms?monitor=1&auth=<authval>" />
Where authval is the credentials returned to start streaming videos.
The append_password field will contain 1 when it is necessary for you to append your ZM password. This is the case when you set AUTH_RELAY in ZM options to “plain”, for example. In that case, the credentials field may contain something like &user=admin&pass= and you have to add your password to that string.
the entire doc (you may already know this) is here ->
https://zoneminder.readthedocs.io/en/stable/api.html
Re: identify 1.32 vs 1.30 for API Login
Posted: Tue Apr 30, 2019 6:30 am
by MartinGoodwell
Thanks for the quick reply!
The thing is, that API-call already requires being authenticated.
For my use-case, having access to that information *before* being authenticated would be nice.
Is there a way to do that?
EDIT: ah, I could use the "old" way to login initially (regardless of version) and then set a flag that allows me to use the "new" approach for future logins, if possible... I'll try that
Thanks
Martin
Re: identify 1.32 vs 1.30 for API Login
Posted: Tue Apr 30, 2019 2:28 pm
by rockedge
there are some PERL API functions floating around....perhaps there may be a version check without authorization?? Not sure about that but maybe worth a look