Authentication
Authentication is, for now, just plain HTTP authentication (so be sure any production servers run on SSL).
Each domain is associated with (for now) one user account. This is done with the account column in the domains table. This column is used because it's a "standard column" in the PowerDNS database schema, and the PowerDNS server supports populating it if you are using the supermasters feature.
To set up a password for an account, use the account option to the powerdns_api program: ./script/powerdns_api account [account-name] [password]. For example, ./script/powerdns_api account example verysecret will set up an example account.
You can then list the domains in the example account with:
curl -u example:verysecret http://localhost:3000/
Support an authentication token or maybe OAuth to make it easier to integrate the API in a front-end/client application.
If the request parameters are plain HTTP queries, it'd be easy to also have an API secret and sign the requests.
If there's an HTML/JS interface we'll need to add a CSRF token of sorts to all requests.
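The request-signing idea above, as an added example (not code from this project, which currently only has HTTP authentication): an HMAC-SHA256 over the method, path and sorted query parameters, keyed with a shared API secret. The account, timestamp and signature parameter names and the 300-second validity window are assumptions made for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

MAX_SKEW = 300  # seconds a signed request stays valid (assumed value)


def _mac(secret, method, path, params):
    """HMAC-SHA256 over the method, path and sorted query parameters."""
    message = "\n".join([method.upper(), path, urlencode(sorted(params.items()))])
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def sign(secret, method, path, params, now=None):
    """Client side: return the query string with timestamp and signature added."""
    stamp = int(time.time() if now is None else now)
    signed = dict(params, timestamp=str(stamp))
    signed["signature"] = _mac(secret, method, path, signed)
    return urlencode(signed)


def verify(secret, method, path, query_string, now=None):
    """Server side: reject altered, stale or ambiguous requests."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):  # repeated parameter: ambiguous, refuse
        return False
    supplied = params.pop("signature", "")
    try:
        sent_at = int(params.get("timestamp", ""))
    except ValueError:
        return False
    current = time.time() if now is None else now
    if abs(current - sent_at) > MAX_SKEW:
        return False
    expected = _mac(secret, method, path, params)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    # Constructed sample: the account and password from the curl example above.
    qs = sign("verysecret", "GET", "/", {"account": "example"})
    print(qs, verify("verysecret", "GET", "/", qs))
```

A request replayed inside the validity window still verifies, so a server would also need to remember recently seen signatures, and signing does not hide the parameters, so SSL is still required.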