API error "422 Unprocessable Entity"

Started to play with HCP API. Testing connection and receiving error “422 Unprocessable Entity”.
How to begin to debug such obscure error? Here is error log:

Got error 'PHP message: Client error: POST https://web1.domain.tld:8888/api/` resulted in a 422 Unprocessable Entity response:\n2\n`

What’s that \n2\n ?

What code are you running?

Ok, I will skip this…

Now regarding API permissions.

401 Unauthorized response:\nError: Key QnVw7n… don’t have permission to run the command v-list-dns-templates

Permissions of the key in question:

Permissions

billing
mail-accounts
phpmyadmin-sso
purge-nginx-cache
sync-dns-cluster
update-dns-records

Is there any more permissions to give?

Not all commands are available but you can add it to one of the “permissions”, for example, to add v-list-dns-templates to billing, edit file /usr/local/hestia/data/api/billing and add the command to the list.

Ou, wow, this is definitely a feature to have unlocked full api.

1 Like

Create an api key via CLI with * permissions and it works…

Or you can create your own permissions sets…

How to do that?

You can better create a new file and it will also get listed :slight_smile:

1 Like

@sahsanu already explained it… Or use the documentation:

1 Like

Just create a file in /usr/local/hestia/data/api/ with the ROLE and COMMANDS you want to use.

For example:

cd /usr/local/hestia/data/api/
cp billing culibine

Edit culibine and remove/add the COMMANDS you want to use for this permission. You can also change the ROLE.

If you want that culibine permission uses ROLE admin and just could use commands v-list.sys-services and v-list-dns-templates the file will look like this:

ROLE='admin'
COMMANDS='v-list-sys-services,v-list-dns-templates'

Now when you try to add a new access key, you will see culibine permission listed so you can select it.

2 Likes

Did my tests and custom template still does not work. Role “admin” and added all v-…

But, workaround is simply issue system api key: v-generate-api-key which allows any action to be executed via API.

Probally we are going to drop that method in the future……….

What’s the error you get?
Are you adding the permissions to a regular user or admin user?
API is enabled only for admin or for all users? You can check it from command line with this:

v-list-sys-config json | jq -r '.[].API_SYSTEM'

If you get 0 API is disabled, 1 allow only for admin, 2 allow for all users.

Just to check… I’ve created a new permission testperm

# cat /usr/local/hestia/data/api/testperm
ROLE='user'
COMMANDS='v-list-web-domains,v-list-sys-services'

I’ve created a new access key to a regular user named also test.

# v-add-access-key test testperm
ACCESS_KEY_ID:      HereTheAccessKey
SECRET_ACCESS_KEY:  HereTheSecretKey
USER:               test
PERMISSIONS:        testperm
COMMENT:
TIME:               11:22:02
DATE:               2023-08-26

In case you find it useful, I’ve created a simple wrapper bash script to talk to hestia api that you could use to test it, just save it, modify the first 4 variables with your data, save it, give execution perms and execute it. Using it is really simply, ./the_nameof_script hestia_command arg1 arg2 etc. just like you will use the hestia commands in your server but preceding it by the name of the wrapper script.

#!/usr/bin/env bash

# You must edit these variables with the right data
host="hestiacp.example.com"
port="8083"
access_key="HereYourAccessKey"
secret_key="HereYourSecretKey"
##########################################

# Check number of arguments (max 12)
narguments="$#"
arguments="$((narguments - 1))"
max_args=12
if [[ $arguments -gt $max_args ]]; then
        echo "Error: Only allowed the command and $max_args arguments and you are using $arguments arguments"
        exit 1
fi

# url, returncode, cmd and argument variables
api_url="https://${host}:${port}/api/"
rc="no"
cmd="${1-v-list-users}"
arg1="$2"
arg2="$3"
arg3="$4"
arg4="$5"
arg5="$6"
arg6="$7"
arg7="$8"
arg8="$9"
arg9="$10"
arg10="$11"
arg11="$12"
arg12="$13"

if ! echo "$cmd" | grep -q '^v-'; then
        echo "Error: $cmd doesn't seem a valid Hestia command"
        exit 1
fi

if [[ "$arguments" -gt 0 ]]; then
        i=1
        arg_data=""
        while [[ $i -le $arguments ]]; do
                arg_data="${arg_data},\"arg$i\":\"$(eval echo \$arg$i)\""
                ((++i))
        done
fi

curl -s -X POST -d "{\"access_key\":\"${access_key}\",\"secret_key\":\"${secret_key}\",\"returncode\":\"$rc\",\"cmd\":\"$cmd\""${arg_data}"}" "${api_url}"

Edit: I forgot to say that it worked :wink:

$ ./api_hestiacp_test
Error: Key HereMyAccessKey don't have permission to run the command v-list-users

$ ./api_hestiacp_test v-list-sys-services
NAME        STATE    CPU  MEM  UPTIME
----        -----    ---  ---  ------
nginx       running  0    197  2144
php7.4-fpm  running  0    12   2144
php8.0-fpm  running  0    12   2144
php8.1-fpm  running  0    12   2144
php8.2-fpm  running  0    13   2144
exim4       running  0    47   2144
dovecot     running  0    0    2144
spamd       running  0    448  8563
postgresql  running  0    13   8563
mariadb     running  0    703  8563
vsftpd      running  0    0    2144
cron        running  0    1    8563
ssh         running  0    15   8564
iptables    running  0    0    0
fail2ban    running  0.2  171  8563                                                                                              

$ ./api_hestiacp_test v-list-web-domains test
DOMAIN             IP           TPL      SSL  DISK  BW  SPND  DATE
------             --           ---      ---  ----  --  ----  -----
test.example.com  203.0.113.1  default  no   61    0   no    2023-08-14

I hope this helps.

Cheers,
sahsanu

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.