Hi all,
First, let me apologize because i am not very versatile at using apis.
My question is, i have a user, that is properly authenticating, and i am able to get information from curl --insecure -u "$API_KEY:$API_SECRET" -X GET "$OPNSENSE_URL/api/core/menu/search" as expected.
[
{
"Id": "Dashboard",
"Order": "0",
"VisibleName": "Dashboard",
"CssClass": "fa fa-dashboard fa-fw",
"Url": "/ui/core/dashboard",
"IsExternal": "N",
"Visibility": "all",
"Selected": false,
"isVisible": true,
"breadcrumb": "Lobby / Dashboard",
"depth": 2
},
{
"Id": "License",
"Order": "1",
"VisibleName": "License",
"CssClass": "fa fa-balance-scale fa-fw",
"Url": "/ui/core/license",
"IsExternal": "N",
"Visibility": "all",
"Selected": false,
"isVisible": true,
"breadcrumb": "Lobby / License",
"depth": 2
},
{
"Id": "Password",
"Order": "2",
"VisibleName": "Password",
"CssClass": "fa fa-key fa-fw",
"Url": "/system_usermanager_passwordmg.php",
"IsExternal": "N",
"Visibility": "all",
"Selected": false,
"isVisible": true,
"breadcrumb": "Lobby / Password",
"depth": 2
},
... the list goes on and on, so i assume that authentication is working.
However, if i try to access any of the items via postman, and yes i am basic authenticating, i keep getting the auth login page as i was not authenticated.
For example: /ui/core/license i get a login page as i was not authenticated.
The user that is performing the operations has at the user page, the effective permission of GUI/All pages set.
Also i have tried with curl and got the same results.
What am i missing?
Thanks for your help
Found what i was looking inside the code:
https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Interfaces/ACL/ACL.xml