REST api restart Response [403] CSRF Error after update system config

Support
1

Hi ! I use the REST api to connect node between us.

In python with requests :

import requests
import json

headers = {'X-API-Key': 'XXXXXX'}

newdevice = {u'devices': [{u'addresses': [u'dynamic'],
  u'certName': u'',
  u'compression': u'metadata',
  u'deviceID': "XXXXXXX",
  u'introducer': True,
  u'name': u' XNAMEX'}]}

data = json.dumps(newdevice)
send  = requests.post("http://sync.MYHOST.com/rest/system/config", data=data, headers=headers)

print send is ok : [200]

The gui ask to me to restart to activate the new configuration.

So i launch :

restart = requests.post("http://sync.MYHOST.com/rest/system/restart", headers=headers)

“print restart” return Response [403]

“print restart.content” return 'CSRF Error\n’ If i launch the “restart” before the “config send” to a new fresh install, it’s work like a charm. Did i miss something ?

Thanks !

2

You need to use the API key in your requests. See the top of the docs.

3

… It does seem odd that it’s letting you post the config though - I don’t think it should do that? @calmh?

4

I use the api key within the header. And it’s work for the /rest/system/config.

headers = {'X-API-Key': 'XXXXXX'}

Sorry, i forgot to write this line. I update my question.

5

You are probably changing (or nulling out) the whole config as you post the new one, at the same time unsetting the API key.

2 Likes
6

Mmm ! I see. Thanks for your answer.

We cannot update only few lines of the config ? We have to inject all the json ?

Did you have another solution to add some nodes through the rest api or another cli tool ?

7

Well you get the whole config, tweak what you wish and you post the whole thing back.

1 Like
8

Yep. I will append to the dict the new node. Thank you all for your answer. I will post the final work.

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.