Cant get API to authorize

Hope everyone is having a happy holidays

Im here trying to get the API to work and can’t get passed a 400/403 error in postman.

Interestingly if I try the token in /web_interface/astpp/application/config/api.php I get a 400, all other times its a 403. (line 19 in the file)

Im trying to understand the docs but there is no mention what the x-auth-key is? The PRIVATE_KEY in astpp-config.conf ?

And whats the variables for authorization as I see that in the examples but not in the intro.

--header 'authorization: {{authorization}}' 

Im assuming "token":"{{token}}", is just user passed on tokens/data correct?

Thanks and any feedback here would be super appreciated.

Edit: OK progress, using Chatgpt and the info for V5 here I was able to get 200 OK for endpoint and returns a “token”. So it looks like x-auth-token is OK as well as “token” variables.

So Im assuming I reuse this “token” in the header for other requests? Im still not 100% on what the “authorization” header is.

Edit 2: Ok All done, once I entered the {{token}} in the body , taken from the token field after logging in via the api I was able to access other endpoints.

Does anyone know how to use this function to view the encrypted SIP password the API sends?

From: ASTPP/web_interface/astpp/addons/Community/api/web_interface/astpp/application/controllers/api/user_sip_device.php at c0a67a1a87ee5457a0ef1896542f29a53d4ee53e · iNextrix/ASTPP · GitHub

function _user_sipdevices_read_password()
		$this->api_log->write_log('API URL : ', base_url() . "" . $_SERVER['REQUEST_URI']);
		$this->api_log->write_log('Params : ', json_encode($this->postdata));
		$rawinfo    = $this->postdata;
			$this->response ( array (
				'status'=> false,
				'error' => $this->lang->line ( 'required_sip_device' ) 
			), 400 );		
		$string     = trim($rawinfo['hash_string']);
		$string_cnt = strlen($string);
		$status_code = substr($string, -3);
		if ($status_code != '303') {
			$this->api_log->write_log('ERROR', "Hash code not found");
				'status' => false,
				'error'  => $this->lang->line('something_wrong_contact_admin')
			), 400);
		$new_count  = $string_cnt - 3;
		$sip_number = substr($string, 0, $new_count);
		$this->db->where(array("username" => $sip_number));
		$sip_devices_res = (array) $this->db->get('sip_devices')->first_row();
		if (empty($sip_devices_res)) {
			$this->api_log->write_log('ERROR', "SIP device not found");
				'status' => false,
				'error'  => $this->lang->line('sip_device_not_found')
			), 400);
		$data = (array) json_decode($sip_devices_res['dir_params']);
			'status'   => true,
			'password' => $this->common->decode($data['password'])
		), 200);

Edit Or it could be Im wrong about how the API displays SIP credentials.

OK I figured it out but does anyone know of any other ways to do this?

If I comment out $sipdevice_value['dir_params']['password'] = $this->common->encrypt($decoded_pass);



The endpoint will send the unencrypted password , if this is over HTTPS so you think its secure enough?

Seems the encoding and decoding is done in web_interface/astpp/system/core/Common.php

I guess we have to reengineer this so it can decrypt the password where we need? Perhaps using a firebase cloud function.