openHAB 3 REST API basic authentication

Michdo93 · March 18, 2022, 2:07pm

Hi,

I tried to access the openHAB 3 Rest API with curl and with a browser but it failed. Normally the syntax should be:

(https://username:password@URL)

If I go to MainUI → Settings → API Security the Implicit User Role is allowed. I also allowed the Basic Authentication.

As example I can use without user credentials http://<my_ip>:8080/rest/items but I can not use http://<my_ip>:8080/rest/bindings

There I will receive:

error:
    message:   "Authentication required"
    http-code: 401

My browser asks me about Confirmation: You are about to log in to the site "<my_ip>" with the username "<my_username>", but the website does not require authentication. The may be an attempt to trick you. Is "<my_ip>" the site you want to visit? I answered with yes and I got Authentication required.

With curl I tried the -u argument with username:password and with username and entered the password in the next line. So it’s not possible to access it.

I am amazed that I can access the items without username and password. But with username and password I can’t access Things or Bindings.

But I can access:
http://<my_ip>:8080/rest/
http://<my_ip>:8080/rest/uuid
http://<my_ip>:8080/rest/spec
http://<my_ip>:8080/rest/module-types
http://<my_ip>:8080/rest/iconsets
http://<my_ip>:8080/rest/audio as example /sources
http://<my_ip>:8080/rest/voice as example /interpreters
http://<my_ip>:8080/rest/habpanel but not used
http://<my_ip>:8080/rest/templates
http://<my_ip>:8080/rest/events as example /events?topics=openhab/thing but will download an endless file.
http://<my_ip>:8080/rest/ui but I don’t know what else.
http://<my_ip>:8080/rest/auth as example but I don’t know what else.
http://<my_ip>:8080/rest/thing-types
http://<my_ip>:8080/rest/items
http://<my_ip>:8080/rest/profile-types

I can not access:
http://<my_ip>:8080/rest/persistence
http://<my_ip>:8080/rest/things
http://<my_ip>:8080/rest/bindings
http://<my_ip>:8080/rest/services
http://<my_ip>:8080/rest/discovery
http://<my_ip>:8080/rest/links
http://<my_ip>:8080/rest/config-descriptions
http://<my_ip>:8080/rest/systeminfo
http://<my_ip>:8080/rest/rules
http://<my_ip>:8080/rest/addons
http://<my_ip>:8080/rest/channel-types
http://<my_ip>:8080/rest/inbox

How can I use the REST API correctly and how to use the basic authentication correctly? Thanks in advance.

binderth · March 18, 2022, 4:37pm

It’s right here in the documentation?

simcla · April 27, 2023, 9:16am

Sorry, as far as I can see, it’s not in the documentation:

http://userid:password@192.168.178.ip:8080/rest/items/item_id

works correctly, but

http://userid:password@192.168.178.ip:8080/rest/things/thing_id

gives

{"error":{"message":"Authentication required","http-code":401}}

(basic authentication is enabled)

Why does it work for items but not for things?

What have I overlooked?

Many thanks in advance!
Joachim

openHAB 3.4.3
Release Build

Wolfgang_S · April 27, 2023, 5:33pm

Does it work for items ? In case you don’t use userid:password@ as part of the url in case of items you still have access, right ?

simcla · April 27, 2023, 6:38pm

It does work for items with and without userid:password

For things it does not work neither with nor without userid:password

Kailash_Shewtahul · August 16, 2023, 6:51am

Hi,
I had the same problem. I managed to make it work by:

Creating an API Token. You can do this by logging in as an Administrator and going to your profile section. https://www.openhab.org/docs/configuration/apitokens.html
Include these headers in your call:

“Authorization”: “Basic xxxxxxx” (In case you are accessing via openhabcloub. It is base64 encoded openhabclouduserid:password).
“X-OPENHAB-TOKEN”: “oh.yyy.yyyyyyyy” (Your API Token).
“accept”: “application/json”

Cheers