Reference: Custom DNS via Rest API - V6
Expected Behaviour:
App API password + Permit destructive actions via API once enabled should allows API destructive actions with no CLI required.
admin/settings/api- Enable “
Permit destructive actions via API” - “
Configure app password”
curl -k -X POST "https://10.19.0.3/api/auth" --data '{"password":"APP_TOKEN_HERE"}'
curl -k -X PUT "https://10.19.0.3/api/config/dns/hosts/10.0.0.0%20test.home.arpa"
-H 'accept: application/json'
-H 'sid: SID_FROM_POST_HERE'
{"took":0.003841400146484375}
New DNS record displays under admin/settings/dnsrecords
Actual Behaviour:
admin/settings/api- Enable “
Permit destructive actions via API” - “
Configure app password”
If I replace APP_TOKEN_HERE with my password, you get the output above and it all works.
If I replace APP_TOKEN_HERE with the App token, you get the output below and RIP, App API password is read-only for whatever reason.
curl -k -X POST "https://10.19.0.3/api/auth" --data '{"password":"APP_TOKEN_HERE"}'
curl -k -X PUT "https://10.19.0.3/api/config/dns/hosts/10.0.0.0%20test.home.arpa"
-H 'accept: application/json'
-H 'sid: SID_FROM_POST_HERE'
ok: [localhost] ={
"put_output.stdout_lines": [
"{
"error": {
"key": "forbidden",
"message": "Unable to change configuration (read-only)",
"hint": "The current app session is not allowed to modify Pi-hole config settings (webserver.api.app_sudo is false)"
},
"took": 0.0000698566436767578
}"
]
Solution:
Trying to make it all make sense, even tho the token is correct and destructive mode is enabled, I had to enabled it via CLI:
#sudo pihole-FTL --config webserver.api.app_sudo true
true