RestAPI Module Results in 403: Access Denied [Answered]

I’m trying to access the RestAPI module 13.0.21.1 and when I attempt to connect to any URL in the RestAPI paths I get a 403: Access Denied (or Forbidden). This is even before it tries to parse any of the tokens or keys.

I went into my user in user manager and made user that it had access to the RestAPI and I’ve tried to change the URL to be ext:[email protected] and that doesn’t change anything.

I’ve written all the back-end programming needed (headers, tokens, hash keys, etc) and those are included in the header, but even just a basic browser window will pull up the 403 response.

Is there a step that I’m missing to use the RestAPI?

I’ve been through the code on this module and it doesn’t raise a 403 - not that I expected it to because that is raised before it even gets to the plugin. It seems to be more of an OS/Apache issue as it exists on all three FreePBX systems that I’m running.

I was able to figure out what the issue was, the plugin documentation is off by quite a bit. Not only are the responses not even close to the documentation but the path is incorrect as well.

The docs represent the path as being:

[server_ip]/admin/index.php/rest/......

When they should be

[server_ip]/restapi/rest.php/rest/.....

Now that this is resolved I wanted to ask if this RestAPI still is available to install in V14 of FreePBX. If someone with 14 wouldn’t mind looking at the available modules to see if this appears then I would much appreciate know that plus the version (I assume it’s the same 13.x version). Now that I’m writing something to interface with this I would like to know if it goes away in 14 and thus renders my work obsolete before it even begins.

Thank you!

[[email protected] ~]# cat /etc/sangoma/pbx-version
12.7.5-1805-3.sng7
[[email protected] ~]# fwconsole ma list | grep restapi
| restapi             | 13.0.21.1   | Enabled                           | AGPLv3      |

Link to the wiki page with the issue and I will correct it.

Honestly it is very little that is accurate in the docs. There are no wiki pages that I can see, but as an example for the Do Not Disturb function at https://github.com/FreePBX-ContributedModules/restapi/blob/release/13.0/docs/dev/donotdisturb.md:

  1. It says to pass ‘state’ as ‘enabled’ or ‘disabled’ to set the values, but it’s actually ‘status’ that needs to be set to either True/enabled or False but disabled does not work at all

  2. The return on the /users list does not show up as stated, instead it’s more like this:

    “/DND/106”: “enabled”

  3. The URL is incorrect as I had stated on my reply above

That’s just for this one module. It looks like hardly any of the actually supported modules are documented at all. I’ve had to hack my way through nearly every aspect of getting the module to work but it does seem to work. I would be happy to try to create some .md files with more accurate documentation once I get it all figured out.

Sorry. This module is unsupported. It hasn’t not been worked on in over 4 years. This is why there is very little documentation on it

@eagle - in case that was too subtle, I think you’ve just been invited to help out. :slight_smile:

It actually works just fine once you figure out what it wants and what it returns.

I would say fine is a relative term. We open sourced this module about two years ago. A couple of community members came to us saying they were going to add more to the module but nothing ever came of it (haven’t heard from them since).

Additionally the module itself uses noonces and a complex user system. The module itself was written for FreePBX 2.10. It’s also not flexible. Any module you provide access to has to directly modify other modules without allowing the module to do the work. Hence why it’s strongly discouraged to use it (most likely it will probably break something)

Anyways, in 15 we have a proper API infrastructure. Each module provides a hook for the API subsystem to hook into. It supports GraphQL but can be extended with simple rest (any module can provide this). Along with proper oauth 2.0 and permission scoping. Seriously it blows RestAPI out of the water.

@tm1000 I didn’t say it was good, but that it works :stuck_out_tongue:. The auth system is really bizarre, it took a while to get everything to line up properly but it does what it was made to do, it lets met query varied systems and change the two things I wanted to change the most: DND and call forwarding. I do look forward to using a more standard OAUTH system when I get to 15 but I’m not even to 14 just yet.

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.