Private JSON link possible?

Hello all,

is there a possibility to protect the JSON-API against “the whole world”? I want to restrict the access to my home automation server, but as far as I can see, there’s only the possibility to share it without restrictions.

Am I wrong? If not, this would be a feature request :slight_smile:

Thank you for the great work so far.

Greetings from Germany

Rainer

which link?

https://<nextcloud-fqdn>/ocs/v2.php/apps/serverinfo/api/v1/info

You must log on as admin.

@devnull I think the subject is PhoneTrack logging links.

@dora71 Even if you don’t need to be authenticated in Nextcloud to use those logging links, the session token acts like a sort of password so nobody can log to your sessions or get any information from them.

Even if you’re using the HTTP GET method to log, the URL path (/index.php/apps/phonetrack/…) is encrypted in the request, don’t worry about that.

Hello everybody and thank you for the quick replies.

I did not talk about the logging links, but the API-Link to get e.g. the last position like:
https://next.cloud.ip/apps/phonetrack/api/getlastpositions/session-token

But most probably, the answer from Julien is the same here.

Will think about that … most probably there is also a way to restrict the access on the webserver itself as long as the path (./apps/phonetrack/api/) does not change.

Greetings from Germany

Hello again,

found a suitable solution for me. I am running Nextcloud in a docker container behind an Apache Proxy Server. For the API directory, I added the following in my virtual host config file from Apache Server (version 2.4.22):

    <ProxyMatch "/apps/phonetrack/api" >
      Require ip aa.bb.cc.dd
    </ProxyMatch>

Works as expected, the link can only be called from IP address aa.bb.cc.dd.
If somebody also or only wants to exclude the public link(s), the directory has to be changed to:
/apps/phonetrack/publicSessionWatch

Perhaps it is useful for someone.

Thanks again for your help and for developing PhoneTrack and Nextcloud. I love it. :+1:
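
An added example, not part of the original posts: the restriction from the last post extended to cover both paths named in the thread with one section. The addresses are constructed placeholders from the documentation ranges, and the regular expression is an assumption about how the two paths appear in the proxied URL.

```apache
# Added example for the Apache 2.4 reverse proxy vhost described above.
# Placeholder addresses (documentation ranges); replace with your own.

# Unanchored regex: matches the path with or without an /index.php prefix.
# The (/|$) group stops it from also matching longer names that merely
# start with "api" or "publicSessionWatch".
<ProxyMatch "/apps/phonetrack/(api|publicSessionWatch)(/|$)">
    # Several Require lines in one section are OR-ed (implicit RequireAny):
    # a client matching either line is allowed, everyone else gets 403.
    Require ip 192.0.2.10
    Require ip 198.51.100.0/24
</ProxyMatch>

# "Require ip" is evaluated against the address of the connection Apache
# sees. If another proxy or load balancer sits in front of this server,
# that address is the proxy's, not the end client's.
```

After reloading Apache, request the API link once from an allowed address and once from any other address; the second request should return 403 Forbidden.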