The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

API authentication with JavaScript and XHR

Discussion in 'cPanel Developers' started by simonpearce, Jan 22, 2010.

  1. simonpearce

    simonpearce Well-Known Member

    Joined:
    Jun 20, 2003
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    Does anyone have any experience authenticating with the APIs using JavaScript and XHR?

    I can access the APIs but can't seem to authenticate.

    Hope someone can help!

    Cheers

    Simon
     
  2. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Could you provide us with some more details on what you're trying to achieve?

    Just by this post, it sounds like you're trying to do javascript authentication to cpanel from an external website which would be a violation of the browser's javascript security model.

    If this is the case please see: Same origin policy - Wikipedia, the free encyclopedia

    Otherwise, please clarifty
     
  3. simonpearce

    simonpearce Well-Known Member

    Joined:
    Jun 20, 2003
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Hi Matt,

    I'm writing an iPhone app using a program called Titanium (Use Appcelerator Titanium to build mobile apps for iPhone & Android and desktop apps for Windows, Mac OS X & Linux from Web technologies) that allows you to create mobile apps using just HTML and JavaScript!

    I'm using HttpClient in JavaScript to access the APIs but am struggling a little not being a big JS programmer. So far I have:

    Code:
    
    var cpaneldomain = Titanium.App.Properties.getString("preference_cpaneldomain");
    var cpanelusername = Titanium.App.Properties.getString("preference_cpanelusername");
    var cpanelpassword = Titanium.App.Properties.getString("preference_cpanelpassword");
    
    var cpanelapi = 'http://' + cpaneldomain + ':2082/xml-api/gethostname';
    
    var c = Titanium.Network.createHTTPClient();
    
    		c.onload = function()
    		{
    			Titanium.API.info('STATUS = ' + this.status)
    			document.getElementById('html').innerHTML = this.responseText;
    			Titanium.UI.currentWindow.repaint();
    			
    		};
    		// open the client
                  c.open('POST',cpanelapi);
    
    		// send the data
                  c.send({username:cpanelusername, password:cpanelpassword});
    
    
    But I just get back:

    Hope you can help!

    Cheers

    Simon
     
  4. MattDees

    MattDees cPanel Product Owner
    Staff Member

    Joined:
    Apr 29, 2005
    Messages:
    417
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I've actually encountered something *very* similar when working with adobe AIR. My solution was to use the following base64 class:

    Javascript base64 - Javascript tutorial with example source code

    to create a base64 request header:

    Code:
            function setupAccessCredentials() {
    			var username = document.getElementById('username').value;
    			var password = document.getElementById('password').value;
    			authstr = "Basic " + Base64.encode(username + ":" + password);
    			host = document.getElementById('host').value;
    		}
    and then do:

    Code:
            function getXmlApiRes(call ) {
            	if (authstr == undefined || host == undefined) {
            		alert('Username, Password or host is undefined');
            		return;
            	}
            	
            	var url = "https://" + host + ":2087/json-api/" + call;
          		var results = new XMLHttpRequest();
    			req.open("GET", url, false);
    			req.setRequestHeader("Authorization", authstr);
    			req.send(null);
    			if (req.status == 200) {
    				var res = eval( '(' + req.responseText + ')');
    			} else {
    				alert( "something went wrong: " + req.status + ":" + req.statusText );
    			}	
    			return res;
    		}
    The whole method of querying cPanel from javascript turned out to be too problematic due the limitations of the environment, however there are ways to do this.

    Hope this helps :)
     
Loading...

Share This Page