habskilla Posted August 21, 2018 Share Posted August 21, 2018 Or is WinAPI strickly a Powershell option? Link to comment Share on other sites More sharing options...
support Posted August 21, 2018 Share Posted August 21, 2018 Hi Habskilla, Sorry, the WinAPI (Windows API) can only be called from Windows Machines using PowerShell. With the use of PowerShell, you can execute the script under the identity of an Active Directory account, which then gives you the same level of access as if you were logged into Passwordstate. For Linux machines, you will need to use the standard API, which used API Keys for authentication. Regards Click Studios Sarge 1 Link to comment Share on other sites More sharing options...
Sarge Posted August 27, 2018 Share Posted August 27, 2018 On 8/22/2018 at 7:06 AM, support said: Sorry, the WinAPI (Windows API) can only be called from Windows Machines using PowerShell. Possibly. But I wouldn't suggest it in a production environment yet. Powershell Core is GA on Linux and MacOS. https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/ Link to comment Share on other sites More sharing options...
support Posted August 27, 2018 Share Posted August 27, 2018 Hi Guys, Interesting - didn't know that was even in the works. With PowerShell and our WinAPI, it is the parameter -UseDefaultCredentials which is used to pass the identity of the authenticated "Windows" account across to our API - basically it's impersonation. I'm not sure, but I don't think PowerShell Core can support this, as you're not logged on as a Windows User - unless there's a way to do this in Linux. Regards Click Studios Link to comment Share on other sites More sharing options...
Fabian Näf Posted August 27, 2018 Share Posted August 27, 2018 You can also save your credentials in a variable ($credVariabke = Get-Credentials) and pass this to the Invoke-Rest Powershell command. So I assume, there could be a way. I also can imagine, that you could pass your credential to a REST-call header from another system (e.g. bash script) to authenticate, but I'm not familiar with bash scripts. habskilla 1 Link to comment Share on other sites More sharing options...
Azkabahn Posted January 9, 2019 Share Posted January 9, 2019 Hi, i would not say that you can use WinApi only from windows machines. We are using WinApi from Linux machines for quite some time and it works fine as simple as this: curl --ntlm -u "user:pass" "https://passwordstate_url/winapi/passwords/XX" Link to comment Share on other sites More sharing options...
support Posted January 9, 2019 Share Posted January 9, 2019 Thanks for sharing Link to comment Share on other sites More sharing options...
habskilla Posted January 18, 2019 Author Share Posted January 18, 2019 Thanks very much. Works without issue in our environment. @Fabian Näf What are you using to parse the json response? Something like jq? Link to comment Share on other sites More sharing options...
Fabian Näf Posted January 19, 2019 Share Posted January 19, 2019 Hi Habskilla To create the REST JSON Body I always go for the following approach: First create a PowerShell object and convert it then to a JSON-String. The big advantage of that is, that you don't have to care about any special characters, escaping and stuff like that. $Body = @{ FolderName = $Name Description = $Description NestUnderFolderID = $ParentFolderID APIKey = $global:PasswordStateSystemWideAPIKey } $jsonBody = $Body | ConvertTo-Json $PasswordstateURLFull = "$($global:PasswordstateURL)/api/folders" $result = Invoke-Restmethod -Method POST -Uri $PasswordstateURLFull -ContentType "application/json; charset=utf-8" -Body $jsonBody The response I get is then stored in $result and can be accessed directly: $output = $result.FolderID If you have the answer as a string you also could use for the following approach: $responseObject = $responseJsonString | ConvertFrom-Json If you take a look the KeePassImport-Script you'll find some more examples. All the best, Fabian Link to comment Share on other sites More sharing options...
habskilla Posted February 27, 2019 Author Share Posted February 27, 2019 For those of you who are not keen of sending clear text passwords, I used gpg to encrypt the user:password. I decrypt it on the fly with the following method: curl -sS --ntlm -u $(gpg -qd --no-tty winapi.login.gpg) https://xxxx.com/winapi/passwords Link to comment Share on other sites More sharing options...
support Posted February 27, 2019 Share Posted February 27, 2019 Thanks for sharing habskilla - we appreciate it Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now