pünktchen 1241 Posted November 25, 2019 Share Posted November 25, 2019 Is there an interface or method to create an api key from within a NetCore plugin? Link to comment Share on other sites More sharing options...
chef 3744 Posted November 25, 2019 Share Posted November 25, 2019 In the SessionService there is an authKeys endpoint. This might be something. You can POST it GET. Link to comment Share on other sites More sharing options...
chef 3744 Posted November 25, 2019 Share Posted November 25, 2019 Yes so it is the AuthKeys endpoint in sessionService. You can create an app with POST. Then use GET, to get the apps API Key that is auto generated Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted November 25, 2019 Author Share Posted November 25, 2019 Thanks, but my question is if it's possible without the json api. Just pure C# Link to comment Share on other sites More sharing options...
chef 3744 Posted November 25, 2019 Share Posted November 25, 2019 (edited) I don't see one you're right. IHttpClient using (await HttpClient.Post( new HttpRequestOptions { Url = "/Auth/Keys?App=" + app.Name, CancellationToken = CancellationToken.None, EnableHttpCompression = false, }) .ConfigureAwait(false)) { Does that work? Edited November 25, 2019 by chef Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted November 25, 2019 Author Share Posted November 25, 2019 Mmh, but to send this post request i already have to authenticate myself with an API key or not? Link to comment Share on other sites More sharing options...
chef 3744 Posted November 25, 2019 Share Posted November 25, 2019 not inside a plugin you don't Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted November 25, 2019 Author Share Posted November 25, 2019 Wow, didn't know that. So i asume that it also was no mistake by you that you didn't provide a host and port in the request? Link to comment Share on other sites More sharing options...
chef 3744 Posted November 25, 2019 Share Posted November 25, 2019 (edited) Wow, didn't know that. So i asume that it also was no mistake by you that you didn't provide a host and port in the request? Well thats the thing I'm not sure about. It would have to be tested. The ApiClient object would already be authenticated. I'm pretty sure. EDIT: upon further inspection... I might not be correct. Edited November 25, 2019 by chef Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted November 25, 2019 Author Share Posted November 25, 2019 Okay, maybe some insights from @@Luke can help here. Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted January 29, 2023 Author Share Posted January 29, 2023 @Luke after more than three years, can i expect an answer? Is there a way to create an Emby api key inside a c# plugin? Link to comment Share on other sites More sharing options...
Luke 36881 Posted February 21, 2023 Share Posted February 21, 2023 On 1/29/2023 at 10:05 AM, pünktchen said: @Luke after more than three years, can i expect an answer? Is there a way to create an Emby api key inside a c# plugin? What is the use case for this? Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted February 21, 2023 Author Share Posted February 21, 2023 To access secured rest api endpoints without any user identity. Link to comment Share on other sites More sharing options...
Luke 36881 Posted February 21, 2023 Share Posted February 21, 2023 12 hours ago, pünktchen said: To access secured rest api endpoints without any user identity. For use where, in your plugin html, or somewhere externally? Generally speaking I don't think it's going to be a good practice for a plugin to create api keys in uncontrolled manner given that they grant full access to the system. Maybe down the road once we can assign roles to api keys, then you can create one that only has permission for the specific thing that you need and I think that will be fine. But for now, I think it's best to make the user confirm and agree to this being done, and if you're going to do that, then you might as well just have them use the stock UI to create an api key and then configure it into your plugin. Is this for virtual tv stream urls? Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted February 21, 2023 Author Share Posted February 21, 2023 17 minutes ago, Luke said: For use where, in your plugin html, or somewhere externally? Plugin html mainly. 19 minutes ago, Luke said: Generally speaking I don't think it's going to be a good practice for a plugin to create api keys in uncontrolled manner given that they grant full access to the system. Are you serious? A c# plugin already has full control over Emby. Not only that. It potentially can take control of the whole system without that the user knows about it. 27 minutes ago, Luke said: Maybe down the road once we can assign roles to api keys, then you can create one that only has permission for the specific thing It's a good idea for the future. 33 minutes ago, Luke said: Is this for virtual tv stream urls? Not only. Link to comment Share on other sites More sharing options...
chef 3744 Posted February 21, 2023 Share Posted February 21, 2023 I know that I could use an API key without user authentication for my Alexa app. I just need to send urls for backdrop videos. I had to create a key inside the plugin config, and save it for use in Alexa requests. I may actually remove that code and just rely on backdrop images, but the video backgrounds are so cool, it's hard to give up. Link to comment Share on other sites More sharing options...
Luke 36881 Posted February 21, 2023 Share Posted February 21, 2023 1 hour ago, pünktchen said: Plugin html mainly. Is this html always within the server dashboard? If so then you'll always have the admin access you need anyway, right? Quote Are you serious? A c# plugin already has full control over Emby. Not only that. It potentially can take control of the whole system without that the user knows about it. That's within the scope of server code though, whereas an api key is something that can be used externally. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now