API authentication with JavaScript and XHR

[simonpearce]

Hi,

Does anyone have any experience authenticating with the APIs using JavaScript and XHR?

I can access the APIs but can't seem to authenticate.

Hope someone can help!

Cheers

Simon

[cPanelMatt]

Could you provide us with some more details on what you're trying to achieve?

Just by this post, it sounds like you're trying to do javascript authentication to cpanel from an external website which would be a violation of the browser's javascript security model.

If this is the case please see: Same origin policy - Wikipedia, the free encyclopedia

Otherwise, please clarifty

[simonpearce]

Hi Matt,

I'm writing an iPhone app using a program called Titanium (Use Appcelerator Titanium to build mobile apps for iPhone & Android and desktop apps for Windows, Mac OS X & Linux from Web technologies) that allows you to create mobile apps using just HTML and JavaScript!

I'm using HttpClient in JavaScript to access the APIs but am struggling a little not being a big JS programmer. So far I have:

Code:

var cpaneldomain = Titanium.App.Properties.getString("preference_cpaneldomain");
var cpanelusername = Titanium.App.Properties.getString("preference_cpanelusername");
var cpanelpassword = Titanium.App.Properties.getString("preference_cpanelpassword");

var cpanelapi = 'http://' + cpaneldomain + ':2082/xml-api/gethostname';

var c = Titanium.Network.createHTTPClient();

		c.onload = function()
		{
			Titanium.API.info('STATUS = ' + this.status)
			document.getElementById('html').innerHTML = this.responseText;
			Titanium.UI.currentWindow.repaint();
			
		};
		// open the client
              c.open('POST',cpanelapi);

		// send the data
              c.send({username:cpanelusername, password:cpanelpassword});

But I just get back:

0 Access denied

Hope you can help!

Cheers

Simon

[cPanelMatt]

I've actually encountered something *very* similar when working with adobe AIR. My solution was to use the following base64 class:

Javascript base64 - Javascript tutorial with example source code

to create a base64 request header:

Code:

        function setupAccessCredentials() {
			var username = document.getElementById('username').value;
			var password = document.getElementById('password').value;
			authstr = "Basic " + Base64.encode(username + ":" + password);
			host = document.getElementById('host').value;
		}

and then do:

Code:

        function getXmlApiRes(call ) {
        	if (authstr == undefined || host == undefined) {
        		alert('Username, Password or host is undefined');
        		return;
        	}
        	
        	var url = "https://" + host + ":2087/json-api/" + call;
      		var results = new XMLHttpRequest();
			req.open("GET", url, false);
			req.setRequestHeader("Authorization", authstr);
			req.send(null);
			if (req.status == 200) {
				var res = eval( '(' + req.responseText + ')');
			} else {
				alert( "something went wrong: " + req.status + ":" + req.statusText );
			}	
			return res;
		}

The whole method of querying cPanel from javascript turned out to be too problematic due the limitations of the environment, however there are ways to do this.

Hope this helps