API: Unauthenticated. Please provide api user credentials.

[dennis.stockhofe]

Hallo zusammnen,

ich verwalte aktuell 10 Froxlor Server, die ich per API steuere (Kunden anlege, Deployment etc.). Neuerdings kann ich auf die API nicht mehr zugreifen. (Key's gelöscht und neue erstellt)

Die Server laufen alle auf Ubuntu 24.04 (Problem war auch schon auf 22.04) und sind aktuell.

Installiert sind

• PHP 7.4.33
• PHP 8.0.30
• PHP 8.1.31
• PHP 8.2.27
• PHP 8.3.16
• Apache 2.4.58

Für Froxlor nutze ich PHP 7.4 oder PHP 8.3, bei beiden das gleiche.

In meinem PHP Script zur Steuerung von Froxlor API, sende ich den beim Curl einen Authorization-Header mit:

$this->key = base64_encode($api_key . ":" . $api_secret);

Meine Methode dazu:

    private function requestCurl(string $data): array
    {
        $this->last_error = "";

        $ch = curl_init($this->host);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            "Content-Type: application/json",
            "Authorization: Basic " . $this->key
        ]);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        curl_setopt($ch, CURLOPT_VERBOSE, true);
        curl_setopt($ch, CURLOPT_HEADER, 1);
        $verbose = fopen("php://temp", "w+");
        curl_setopt($ch, CURLOPT_STDERR, $verbose);

        if (!$data = curl_exec($ch)) {
            $this->last_error = "Curl execution error: " . curl_error($ch) . "\n";
            rewind($verbose);
            $verboseLog = stream_get_contents($verbose);
            $this->last_error .= "Verbose information: " . htmlspecialchars($verboseLog) . "\n";
        }

        $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
        $header = substr($data, 0, $header_size);
        $body = substr($data, $header_size);

        curl_close($ch);

        if ($this->debug) {
            $this->cli->out($body, $this->debug);
        }

        return [
            $header,
            $body,
            "status" => curl_getinfo($ch, CURLINFO_HTTP_CODE)
        ];
    }

Um auszuschließen, dass es am Script liegt, habe ich aus dem API Guide folgende Bash-Script erstellt

#!/bin/bash

FROXLOR_API_KEY=7441a9a717e43XXXXXXXXXXXfcb703dd538ce3c9d3XXXXXXXXXX588f6e9631e01
FROXLOR_API_SECRET=50a637af968186db463f0b95196368aXXXXXXXXXXe07af6c7c3ce63eab39XXXXXXXXXXa86bade51da38bbXXXXXXXXXX9aa821911b9b6efd3a8fc85620f8ec4

AUTH=$(echo -ne "$FROXLOR_API_KEY:$FROXLOR_API_SECRET" | base64 --wrap 0)

curl -v \
  --header "Content-Type: application/json" \
  --header "Authorization: Basic $AUTH" \
  --request POST \
  --data  '{"command":"Froxlor.listFunctions"}' \
  https://server.firma.de/api.php

API_KEY und API_SECRET ist natürlich für hier geändert, sowie den Froxlor Server. Bei diesem Script bekomme ich den gleichen Fehler:

Note: Unnecessary use of -X or --request, POST is already inferred.
* Host froxlor.firma.de:443 was resolved.
* IPv6: (none)
* IPv4: 167.0.60.0
*   Trying 167.0.60.0:443...
* Connected to froxlor.firma.de (167.0.60.0) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=froxlor.firma.de
*  start date: Dec 30 22:43:12 2024 GMT
*  expire date: Mar 30 22:43:11 2025 GMT
*  subjectAltName: host "froxlor.firma.de" matched cert's "froxlor.firma.de"
*  issuer: C=US; O=Let's Encrypt; CN=R10
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://froxlor.firma.de/api.php
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: froxlor.firma.de]
* [HTTP/2] [1] [:path: /api.php]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [content-type: application/json]
* [HTTP/2] [1] [authorization: Basic NzQ0MWE5YTcxN2U0M2Y4Y2FiOTYxZjNmY2I3MDNkZDUzOXXXXXXXXXX4NzJiY2NhNTg4ZjZlOTYzMWUwMTo1MGE2MzdhZjk2ODE4NmRiNDXXXXXXXXXXhhYmMzMjQxZTVlZmNlMDdhZjZjN2MzY2U2M2VhYjM5Yjg2MzI4ZjAyYTg2YmFkZTUxZGEzOGJiMTA1NTlXXXXXXXXXXXXXXNmVmZDNhOGZjODU2MjBmOGVjNA==]
* [HTTP/2] [1] [content-length: 35]
> POST /api.php HTTP/2
> Host: froxlor.firma.de
> User-Agent: curl/8.5.0
> Accept: */*
> Content-Type: application/json
> Authorization: Basic NzQ0MWE5YTcxN2U0M2Y4Y2FiOTYxZjNmY2I3MDNkZDUzOXXXXXXXXXX4NzJiY2NhNTg4ZjZlOTYzMWUwMTo1MGE2MzdhZjk2ODE4NmRiNDXXXXXXXXXXhhYmMzMjQxZTVlZmNlMDdhZjZjN2MzY2U2M2VhYjM5Yjg2MzI4ZjAyYTg2YmFkZTUxZGEzOGJiMTA1NTlXXXXXXXXXXXXXXNmVmZDNhOGZjODU2MjBmOGVjNA==
> Content-Length: 35
> 
< HTTP/2 401 
< accept: application/json
< x-ratelimit-limit: 60
< x-ratelimit-remaining: 59
< x-ratelimit-reset: 1739270971
< www-authenticate: Basic realm="API"
< content-type: application/json
< date: Tue, 11 Feb 2025 10:48:31 GMT
< server: Apache/2.4.58 (Ubuntu)
< 
{
    "message": "Unauthenticated. Please provide api user credentials."
* Connection #0 to host froxlor.firma.de left intact
}#

Hier auch wieder, Domain, IP und API Key geändert 😉

Hat jemand das gleiche Problem oder sogar die Lösung für mich?

[d00p]

Sichergestellt, dass unter PHP -> PHP Konfigurationen -> config für froxlor die option "Übergeben von HTTP AUTH BASIC/DIGEST-Headern von Apache an PHP" aktiviert ist?

[dennis.stockhofe]

Danke, das war es!