add "&clientid=<some-ID-of-client>" to your URL.
Goal: it makes clear which clients are accessing the API. Especially handy when you see "API Key incorrect, Use the api key from Config->General in your 3rd party program:" in your SABnzbd warnings. Currently you can only guess which client is trying to access the API without the correct API key.
Apparantly SABnzbd already accepts (and ignores?) "&clientid=blabla" in the URL. See below. That's good.
Change needed in SAB is to report the clientid in the warning. And the source IP address (if possible)
Change needed in clients using the API is to add the "&clientid=blabla". Not too difficult
A change in SAB in the future could be an option to only accept clients request that have "&clientid=blabla" added.
Please note: this is not a protection against bad behaving API clients. It's just a good behavior way of using the API. The most used programs / plugins will probably be willing to the code to their request, making identifiying easier.
Feedback welcome.
Code: Select all
sander@toverdoos:~$ curl 'http://localhost:8080/api?mode=qstatus&output=xml&apikey=123abc&clientid=sandercurltester'
<?xml version="1.0" encoding="UTF-8" ?>
<queue><have_warnings>0</have_warnings>
<jobs></jobs>
<noofslots>0</noofslots>
<paused>False</paused>
<pause_int>0</pause_int>
<mbleft>0.0</mbleft>
<diskspace2>1.09359359741</diskspace2>
<diskspace1>1.09359359741</diskspace1>
<speed>0 </speed>
<timeleft>0:00:00</timeleft>
<mb>0.0</mb>
<state>IDLE</state>
<loadavg>0.00 | 0.01 | 0.05 Memory usage: Virt: 387 MB. Res: 26 MB.</loadavg>
<kbpersec>0.0</kbpersec>
</queue>
