I would like to write a nice applicaiton to monitor file activities and spread this information with various NC API calls ? API works easily with username and passwords, but if put https GET request from php code with logged in user, how can I get http basic auth credentials for https request.
just an example:
I have search applicaiton and the code does indexing, with special situations I want to use NC API-s but no willing to ask username password again, because the user is logged in ? Can I use current session in NC API or do I have shortcuts I can use direct calls to API functions ?
The goal is to write new app and use NC API to integrate other apps for better compatibility ? All requests land on localhost then.
have you seen and read https://nextcloud.com/developer/ and https://docs.nextcloud.com/server/19/developer_manual/app/tutorial.html?
Also, are you talking about writing your own Nextcloud app or desktop/mobile app?
I have seen the manuals, I am designing a nextcloud native web app and willing to have the compatibility as maximum. Currently all API calls require
basic authentication. My first idea is to disable authentication for localhost ip address source in lib/private and move on. This kind of option would be very nice to allow one remote or local IP to access API without password.
I am talking about servers not connected to the Internet at all, these are intra accessible only and with lower risk.
Disabling basic auth is a really bad ID. One can spoof the internal IP and bypass authentication. You don’t want that.
I’m not sure what else you need help with? Access Nextcloud’s php API? Or expose your an API from your app?
Yes I know that, later I will try the token authentication towards API, hope it works. I just need quick solution for testing. If you know NC function calls to get current user token it may save some minutes.
But bigger problem in NC API is wrong password throttle and no whitelist settings in NC 18, I had to hardcode my address, because sometimes one test with error might activate this security countermeasure. I am willing to contribute later to fix such errors and add some features but no time right now.