ChrisJ60 13 Posted December 31, 2024 Posted December 31, 2024 (edited) I'm working with the Emby REST API, following the documentation, and I have a lot of stuff working using API key authentication but I'm unable to successfully authenticate a specific user using the API (PostUsersAuthenticatebyname). Can someone please provide a working example or indicate what I am doing wrong: $ curl --no-progress-meter -X POST -H "X-Emby-Authorization=Emby UserId=\"8aa94d98f4794f9bb95b9be0e7569a18\",Client=\"other\",Device=\"EmbyScript\",DeviceId=\"embyscript\",Version=\"1\"" -d "{\"Username\":\"myusername\",\"Pw\":\"myuserpassword\"}" "https://myserverfqdn:myport/emby/Users/AuthenticateByName" Value cannot be null. (Parameter 'name') I need to authenticate as a specific user so I can use the calls to set item play state. Thanks. Edited December 31, 2024 by ChrisJ60
ChrisJ60 13 Posted December 31, 2024 Author Posted December 31, 2024 By some judicious use of packet capture to inspect traffic between Emby and my browser I was able to figure this out. There are multiple problems: 1. The Emby API documentation does not detail exactly how the username and password should be provided in the POST request. I had assumed they should be in JSOn format but in fact they should be encoded as: Username=theusername&Pw=thepassword Not very intuitive (to me at least). 2. This page (https://dev.emby.media/doc/restapi/User-Authentication.html) of the Emby API documentation starts by saying 'Add the following request header on every request' and gives the example: Authorization=Emby UserId="e8837bc1-ad67-520e-8cd2-f629e3155721", Client="Android", Device="Samsung Galaxy SIII", DeviceId="xxx", Version="1.0.0.0" To me this suggests this should be provided as an actual request header, but in fact it must be appended to the end of the URL in the normal way for input parameters as follows: <apiurl>/Users/AuthenticateByName?X-Emby-Client=other&X-Emby-Device-Name=EmbyScript&X-Emby-Device-Id=embyscript&X-Emby-Client-Version=1 That is kind of misleading (also it is called X-Emby-Client not Authorisation). 3. Later on the same page it says 'The return result object will have an AccessToken property. This should be included in all subsequent Http requests using the header X-Emby-Token.' But again this is NOT a header but rather an input parameter: <apiurl>/Users/<userguid>/PlayedItems/<itemid>?X-Emby-Token=<AuthToken> @softworkz It would be good if the documentation could be updated/clarified; it wasted quite a bit of my time figuring this out 1
Luke 42077 Posted December 31, 2024 Posted December 31, 2024 HI, we'll take a look at it. Thanks. @softworkz
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now