APIv2 passwords masked

Unimus support forum
Post Reply
PeterL
Posts: 1
Joined: Tue Sep 20, 2022 7:58 am

Tue Sep 20, 2022 8:13 am

Hi,

we're currently running Unimus 2.2.4.
From time to time I use the API to compile a list of devices for scipting, querying connection details from Unimus.

Currently I cannot get credentials, as passwords are masked with asterisks in the JSON reply.
The API key has "Credentials access", the credentials are not in "high security mode".

Is there something I miss?
Is this expected?

An example:

Code: Select all

{"data":{"id":0,"createTime":1570610816,"address":"192.168.111.222","description":"Firewall demo","schedule":null,"vendor":"Fortinet","type":"FortiOS","model":"FortiGate-100D","lastJobStatus":"SUCCESSFUL","connections":[{"type":"SSH","port":1243,"credentials":[{"id":1,"username":"demo","password":"*********","sshKey":null,"description":"Demo"}],"enablePassword":null}]}}
Vik@Unimus
Posts: 139
Joined: Thu Aug 05, 2021 6:35 pm

Tue Sep 20, 2022 4:30 pm

The current behavior is technically correct as we added the option for an API key to have an access to credentials only recently and mainly for the new Credentials endpoint in API v3, but this is a good point you raised. We will update our current Devices endpoint in v2 to unmask passwords if an API key is allowed to access credentials and keep them masked if it does not, just as until now.

I have created an internal ticket for this and forwarded the information to our team to implement it. As soon as I have any updates on this, I will update this thread.
Post Reply