How to create custom API Endpoints

#1

Hi,
I’m fairly new to PHP so I don’t know how to do this.
Is there a way to create custom API Endpoints?
I would like the user to be able to log out, but I’m not sure how to call the available function.

Thanks for your help!

#2

When you use the api, you just don’t log anyone out.

Your api requests pass an api token to the api endpoint in order to get some data from cockpit. This api token won’t expire (as of now) and can always be used in order to fetch data without the need of authenticating a user at cockpit.

I guess you perhaps misunderstood the concept cockpit is based on.

The interface that you can log in to (http://yourwebserver.com/cockpit) is just for the content editor. This is just an admin / editor backend.

The API is for getting/fetching data that you may display on your webpage (or app or whatever).

A user that views your application (or webpage or whatever…) does not need to log in (and so he also does not need to log off) in order to make your application display data that you put in there as an admin/editor.

#3

Yes true but I want to use it for user management too, so that users can register an account and so on. Is that possible?
Also is there a way to restrict certain Collections Entries for a particular user?
I noticed there’s an access-list field type but the requesting user is always seeing all entries.

Thanks for your help

#4

I think it is possible but it won’t be that easy I guess.

For example, this method can be used to check a user and password combination against the user DB of a cockpit installation:

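public static function checkAuth($user, $pass){
    // POST the credentials as JSON to the cockpit backend's auth check URL
    $url = self::$_COCKPIT_BACKEND_URL . '/auth/check';
    $fields = [
        'auth' => [
            'user' => $user,
            'password' => $pass,
        ]
    ];
    $data_string = json_encode($fields);
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        'Content-Length: ' . strlen($data_string))
    );
    $response = curl_exec($ch);
    curl_close($ch);
    // curl_exec() returns false on a transport error; report that as null
    if ($response === false) {
        return null;
    }
    // Decode the JSON response body into an associative array
    return json_decode($response, true);
}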

So if a user tries to log in with his credentials and this function returns a success, you could set a session variable in order to store the “logged in” state. In order to log the user out, you would then just delete the session. But this won’t come up with any solution for enabling users to register with your cockpit installation. I guess cockpit is not meant to be used this way, but indeed this should be doable with some workarounds.

Collection entries? I’m not completely sure about that; I don’t think you can get this straight the easy way - but I guess you could do this by putting PHP code into the “read” ACL, as I mentioned before within your other support request (where you attached the screenshot). But in general terms collection entries are considered to be treated as one group of data - so without building workarounds you should not be able to restrict dedicated entries for one and the same user.

1 Like
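
The session handling described in post #4 (store a "logged in" state after a successful check, delete the session to log out), as an added example that is not part of the original thread and not Cockpit's own code. `$verify` is a hypothetical callable that wraps the `checkAuth()` call and returns true only when the credentials were accepted; the demo at the end uses a constructed stub in its place.

```php
<?php
// Added example, not Cockpit code. $verify is a hypothetical wrapper around
// checkAuth() that returns true only when Cockpit accepted the credentials.

function startAppSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,  // cookie is not readable from JavaScript
            'cookie_secure'   => true,  // cookie is only sent over HTTPS
            'cookie_samesite' => 'Lax',
            'use_strict_mode' => true,  // reject session IDs the server did not issue
        ]);
    }
}

function login(callable $verify, string $user, string $pass): bool
{
    startAppSession();
    if ($verify($user, $pass) !== true) {
        return false;
    }
    session_regenerate_id(true);    // fresh ID after login prevents session fixation
    $_SESSION['user'] = $user;
    return true;
}

function isLoggedIn(): bool
{
    startAppSession();
    return isset($_SESSION['user']);
}

function logout(): void
{
    startAppSession();
    $_SESSION = [];                 // drop the server-side "logged in" state
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
    session_destroy();              // remove the stored session data
}

if (PHP_SAPI === 'cli') {           // constructed demo with a stub verifier
    $stub = fn(string $u, string $p): bool => hash_equals('s3cret', $p);
    $seen = [login($stub, 'alice', 'wrong'), login($stub, 'alice', 's3cret'), isLoggedIn()];
    logout();
    var_dump($seen, isLoggedIn());
}
```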
#5

In Cockpit you can create a custom api entry point pretty easily:

Create the following file /config/api/custom.php

we now do a custom query in that file:

<?php

// very simple code here

$test = $this->param('test');

if (!$test) {
    return false;
}

return $test;

now you can query /api/custom?token=xxx&test=foo,bar,baz

if you want to have the api public (without token) then create the file in a subfolder named public: /config/api/public/custom.php

now you can query /api/public/custom?test=foo,bar,baz

4 Likes
#6

Interesting, but couldn’t the same be achieved using a custom addon? I mean, if what is required is to provide further logic when accessing a custom endpoint, it may be better to encapsulate that in an addon than in a PHP file inside the config.

#7

pauloamgomes - the grandmaster of cockpit addon creation :joy:

#8

as always, it depends :wink: if you want something re-usable then I would also recommend to do an addon, but if it is something project specific, then custom api entry points are a solution to solve things or provide specific data quickly

#9

sure, that makes sense and it’s really a quick way to solve the issue

#10

@artur Would it be possible to add this information in the documentation:
https://getcockpit.com/documentation

Maybe a new section called “Customization”?
Can we open a pull request to add this precious piece of information?