Jump to content

Create API key from within a plugin


pünktchen

Recommended Posts

In the SessionService there is an authKeys endpoint. This might be something.

You can POST it GET.

Link to comment
Share on other sites

Yes so it is the AuthKeys endpoint in sessionService. You can create an app with POST.

 

Then use GET, to get the apps API Key that is auto generated

Link to comment
Share on other sites

I don't see one you're right.

IHttpClient

                using (await HttpClient.Post(
                        new HttpRequestOptions
                        {
                            Url = "/Auth/Keys?App=" + app.Name,
                            CancellationToken = CancellationToken.None,
                            EnableHttpCompression = false,
                        })
                    .ConfigureAwait(false))
                {
 


Does that work?

Edited by chef
Link to comment
Share on other sites

pünktchen

Wow, didn't know that.

So i asume that it also was no mistake by you that you didn't provide a host and port in the request?

Link to comment
Share on other sites

Wow, didn't know that.

So i asume that it also was no mistake by you that you didn't provide a host and port in the request?

 

 

Well thats the thing I'm not sure about. It would have to be tested.

 

The ApiClient object would already be authenticated. I'm pretty sure.

 

EDIT: upon further inspection... I might not be correct.

Edited by chef
Link to comment
Share on other sites

  • 3 years later...
  • 4 weeks later...
On 1/29/2023 at 10:05 AM, pünktchen said:

@Luke after more than three years, can i expect an answer? Is there a way to create an Emby api key inside a c# plugin?

What is the use case for this?

Link to comment
Share on other sites

12 hours ago, pünktchen said:

To access secured rest api endpoints without any user identity.

For use where, in your plugin html, or somewhere externally?

Generally speaking I don't think it's going to be a good practice for a plugin to create api keys in uncontrolled manner given that they grant full access to the system. Maybe down the road once we can assign roles to api keys, then you can create one that only has permission for the specific thing that you need and I think that will be fine.

But for now, I think it's best to make the user confirm and agree to this being done, and if you're going to do that, then you might as well just have them use the stock UI to create an api key and then configure it into your plugin.

Is this for virtual tv stream urls?

Link to comment
Share on other sites

pünktchen
17 minutes ago, Luke said:

For use where, in your plugin html, or somewhere externally?

Plugin html mainly.

19 minutes ago, Luke said:

Generally speaking I don't think it's going to be a good practice for a plugin to create api keys in uncontrolled manner given that they grant full access to the system.

Are you serious? A c# plugin already has full control over Emby. Not only that. It potentially can take control of the whole system without that the user knows about it.

27 minutes ago, Luke said:

Maybe down the road once we can assign roles to api keys, then you can create one that only has permission for the specific thing

It's a good idea for the future. 🤭

33 minutes ago, Luke said:

Is this for virtual tv stream urls?

Not only.

Link to comment
Share on other sites

I know that I could use an API key without user authentication for my Alexa app.

I just need to send urls for backdrop videos.

I had to create a key inside the plugin config, and save it for use in Alexa requests.

😬 I may actually remove that code and just rely on backdrop images, but the video backgrounds are so cool, it's hard to give up.

Link to comment
Share on other sites

1 hour ago, pünktchen said:

Plugin html mainly.

 

Is this html always within the server dashboard? If so then you'll always have the admin access you need anyway, right?

Quote

Are you serious? A c# plugin already has full control over Emby. Not only that. It potentially can take control of the whole system without that the user knows about it.

That's within the scope of server code though, whereas an api key is something that can be used externally.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...