Page 1 of 1

APIv2 passwords masked

Posted: Tue Sep 20, 2022 8:13 am
by PeterL
Hi,

we're currently running Unimus 2.2.4.
From time to time I use the API to compile a list of devices for scipting, querying connection details from Unimus.

Currently I cannot get credentials, as passwords are masked with asterisks in the JSON reply.
The API key has "Credentials access", the credentials are not in "high security mode".

Is there something I miss?
Is this expected?

An example:

Code: Select all

{"data":{"id":0,"createTime":1570610816,"address":"192.168.111.222","description":"Firewall demo","schedule":null,"vendor":"Fortinet","type":"FortiOS","model":"FortiGate-100D","lastJobStatus":"SUCCESSFUL","connections":[{"type":"SSH","port":1243,"credentials":[{"id":1,"username":"demo","password":"*********","sshKey":null,"description":"Demo"}],"enablePassword":null}]}}

Re: APIv2 passwords masked

Posted: Tue Sep 20, 2022 4:30 pm
by Vik@Unimus
The current behavior is technically correct as we added the option for an API key to have an access to credentials only recently and mainly for the new Credentials endpoint in API v3, but this is a good point you raised. We will update our current Devices endpoint in v2 to unmask passwords if an API key is allowed to access credentials and keep them masked if it does not, just as until now.

I have created an internal ticket for this and forwarded the information to our team to implement it. As soon as I have any updates on this, I will update this thread.