New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

300.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Using HTTP API without putting credentials in the path

Votes:

0

Your Vote:

Up

Down

Is there any way of using the HTTP API without putting credentials (in plain text) in URL parameters? I'm a little baffled that this is even allowed. This is a security faux pas as literally anyone in between the request initiator and the PRTG endpoint will have the credentials.

I would expect to pass them in as part of the body or as part of the headers.

Is this possible?

authentication http-api security

Created on Jan 8, 2018 5:29:47 PM by  justinself (0) 1



1 Reply

Votes:

0

Your Vote:

Up

Down

Hello Justin,

Use parameter passhash instead of password in the API call. You can find the passhash in your user account's settings (Setup | Account Settings | My Account). It can only be used to run API calls, but not for logging in to PRTG's webinterface.

Kind regards,

Erhard

Created on Jan 9, 2018 9:03:47 AM by  Erhard Mikulik [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.