On 03 January 2019 at 22:45 Ronald Poon <ronaldpoon@ud.hk> wrote:
Trying to limit the API calls to doveadm-http-api by configure allowed commands, but once the commands added to the list, the RestAPI no longer work.
- Return correct reply when doveadm_allowed_commands is empty
curl -k -H "Content-Type: application/json" -H "Authorization:
X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1 -d'[["quotaGet",{"user":"user1@mydomain.com"},"c01"]]' [["doveadmResponse",[{"root":"User quota","type":"STORAGE","value":"0","limit":1024","percent":"0"},{"root":"Userquota","type":"MESSAGE","value":"0","limit":"-","percent":"0"}],"c01"]]
- Return unAuthorized when doveadm_allowed_commands = quotaGet,quotaRecalc,expunge
curl -k -H "Content-Type: application/json" -H "Authorization:
X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1 -d'[["quotaGet",{"user":"user1@mydomain.com"},"c01"]]' [["error",{"type":"unAuthorized", "exitCode":0},"c01"]]
This is mostly because v1 API is not so fantastic. Try
doveadm_allowed_commands="quota get,quota recalc,expunge"
Aki