IMPORTANT: New API Key Feature of 0.4.9

[switch]

Version 0.4.9 of SABnzbd, which should be released sometime next week, will introduce a new API Key feature. This feature is aimed at increasing the security of API functions.

Users will find a 32 character alphanumeric key listed on the general page of the config. This key is required in all API requests made by third party programs. The key is client side, so users will be required to enter their key into third party programs that interact with the api. The key is static and will be the same throughout sessions, however the user can manually generate a new key through the web interface.

Third party scripts should make use of this key by including it in the url of the api request.

Code: Select all

http://localhost:8080/sabnzbd/api?mode=qstatus&output=xml&apikey=711de66ca57dae90338267d05f70efe9

Failure to produce a key will result in the following return from the api:

Code: Select all

error: API Key Required

And an incorrect key will return:

Code: Select all

error: API Key Incorrect

If you wish to allow users to generate new keys, they can be generated like so, the new key will be returned following the command:

Code: Select all

http://localhost:8080/api?mode=config&name=set_apikey&apikey=EXISTINGAPIKEY

If set, the web username and password is still required as well as the apikey. This may change in version 0.5, however for now both the api key and user/password are required.

For versions older than 0.4.9 supplying the API Key in the api request will not work, if you wish to also support older versions then you should check the current version using the API:
XML:

Code: Select all

http://localhost:8080/sabnzbd/api?mode=version&output=xml

JSON:

Code: Select all

http://localhost:8080/sabnzbd/api?mode=version&output=json

Plain Text (Versions below 0.4.9 will return 'not implemented\n'):

Code: Select all

http://localhost:8080/sabnzbd/api?mode=version

The version check is the only api function that does not require the apikey to be passed.

If you wish to add support for 0.4.9 before it's public release, then please sign up as a release tester which should give you access to a pre-release version of 0.4.9 a few days before the final release.

If you have any questions feel free to ask in this thread.

[pip]

i just noticed a slight error in your example

http://localhost:8080/api?mode=qstatus& ... d05f70efe9

should read
http://localhost:8080/sabnzbd/api?mode=qstatus&output=xml&apikey=711de66ca57dae90338267d05f70efe9

otherwise you get

"404 Not Found
The path '/api' was not found.

Page handler: "The path '/api' was not found."
Traceback (most recent call last):
  File "cherrypy\_cphttptools.pyo", line 121, in _run
  File "cherrypy\_cphttptools.pyo", line 256, in main
  File "cherrypy\_cphttptools.pyo", line 326, in mapPathToObject
NotFound: 404
Powered by *CherryPy 2.3.0 "


if i understand you right, it basicly means just take your old http line you usually feed to sab+ ,and simply add &apikey=your key as found in config/general/ to the end without any spaces.....

such as a one liner you might do from say a "rebol view" shell or rebol .r GUI TCP/IP script

cut----
page: read http://192.168.0.1:8081/sabnzbd/api?mod ... cfb9cddfee
cut----
http://www.rebol.com/docs/core23/rebolcore-3.html
http://www.rebol.org/view-script.r?scri ... wsreader.r
http://www.rebol.com/pre-view.html
http://www.rebol.net/plugin/demos/

*ohh dear.., "CherryPy 2.3.0" theres a newer one now released just the other day, 2009-04-12 CherryPy 3.1.2 released and that old ones not even listed on the front page http://www.cherrypy.org/ non older than 3.0 infact, why are we using such old code ?

[switch]

Thanks for the URL fix.

The reason we are still using cherrypy 2.x is that it requires a lot of work to upgrade to the 3.x version. However we have done that work for SABnzbd 0.5.0 and are using the latest trunk version of Cherrypy 3.2.x

[pip]

Thanks for the URL fix.

The reason we are still using cherrypy 2.x is that it requires a lot of work to upgrade to the 3.x version. However we have done that work for SABnzbd 0.5.0 and are using the latest trunk version of Cherrypy 3.2.x

great, its good to know,thanks.

is the API expanding to ?, with docs (do this ,get this result) and full example URLs to make external use of it, im not very good with GUI Rebol scripting, but ill try anything once if 3rd party apps dont want to make/work the way i like, and theres a begginers set of API URL lines to cut and paste

again ,thanks.

"bonding" news servers together is just so cool...

[switch]

Yes, the API has been expanded.

You can see the full api commands available in 0.5 here:
http://sabnzbd.wikidot.com/api (note that these are for 0.5 alpha and may not be finalised)

[switch]

Just to note, as of 0.5.0 the username and password is not required. Only the apikey is required for authenticating with the API