logo

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Icon
Error
Rest API questions - Swagger API and Permissions when calling on rest api in 6.6+
Options
Go to last post Go to first unread
Previous Topic Next Topic
DCIArtformDev  
#1 Posted : Wednesday, September 12, 2018 8:22:15 PM(UTC)
DCIArtformDev


Rank: Guest

Joined: 5/3/2018(UTC)
Posts: 7
Location: Milwaukee
I know I can get a definition file for the rest api for my instance in the form of:

https://[instancename].screenconnect.com/OpenApiDocument.axd (Is there a Swagger like document explaining the details of each function?

What permissions are needed to make calls on the functions in this api, such as: https://[instancename].screenconnect.com/Services/PageService.ashx/GetSessionDetails

I can make a raw call to this endpoint using something like fiddler/postman:

Quote:
POST https://[InstanceName].screenconnect.com/Services/PageService.ashx/GetSessionDetails HTTP/1.1
accept: application/JSON; charset=utf-8
content-type: application/json
cache-control: no-cache
authorization: Basic **************************
user-agent: PostmanRuntime/7.2.0
accept-encoding: gzip, deflate

["GROUPNAME","SESSIONID"]


It seems I can only successfully make this call with the "Cloud Administrator" account, no others. I feel like I'm glossing over a permission ssue here, but I don't know where.

I don't want to store cloud admin credentials in an application in order to make this work...

Any insight is appreciated.
Back to top

Back to top  
Scott  
#2 Posted : Wednesday, October 3, 2018 1:40:34 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,862
United States

Thanks: 3 times
Was thanked: 351 time(s) in 303 post(s)
So I guess the only reliable way to know which permissions are required for each method is to look at the functions themselves.

Within the server installation in Services/PageService.ashx, the GetSessionDetails method has

Code:

		Permissions.AssertPermission(new SessionPermissionRequest { Name = PermissionInfo.ViewSessionGroupPermission, SessionGroupName = sessionGroupName, SessionType = sessionDetails.Session.SessionType }, permissionEntries);


meaning it requires the ViewSessionGroupPermission to return any information. It also requires the ViewSessionGuestScreenshotPermission (found one line above the previous code sample) to correctly return the image data.


Just for another example, if you look within the MailService.ashx class at the SendTestEmail method, you can see it also asserts the AdministerPermission.
ScreenConnect Team
Back to top
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2021, Yet Another Forum.NET