Anyone else attempting REST calls with version 6?

odin · March 9, 2025, 7:49pm

When I call the REST endpoint auth and pass in my API key I get a SID to use for the other REST requests. However, when I do I get this error regarding the SID:
(I have enabled Permit destructive actions via API)

{
  "error": {
    "key": "forbidden",
    "message": "Unable to change configuration (read-only)",
    "hint": "The current app session is not allowed to modify Pi-hole config settings (webserver.api.app_sudo is false)"
  },
  "took": 0.0002167224884033203
}

I have

yubiuser · March 11, 2025, 10:00am

What password did you use to authenticate? If you used the app password, you need to enable webserver.api.app_sudo to be able to change config settings.

But if you use your normal login password, changes should be allowed by default.

odin · March 11, 2025, 1:14pm

I used the app password and tried to use the webserver.api.app_sudo setting but that seemed to have no effect.

yubiuser · March 13, 2025, 4:46pm

Which endpoint did you try which results in this error?

rdwebdesign · March 13, 2025, 5:28pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or if you run your Pi-hole as a Docker container:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

yubiuser · March 13, 2025, 8:11pm

A post was split to a new topic: API Help

odin · March 13, 2025, 7:58pm

https://tricorder.pi-hole.net/kXAiUJpy/

yubiuser · March 13, 2025, 8:14pm

2025-03-13 14:55:26.385 CDT [13152/T13384] WARNING: API: Unable to change configuration (read-only) (key: forbidden, hint: The current app session is not allowed to modify Pi-hole config settings (webserver.api.app_sudo is false))

It seems the config option is still not enabled.

odin · March 14, 2025, 3:59pm

It is enabled. The issue is that any sid that I create seems to be nerfed to read only. I can create them if I use the Pihole API docs page but I need to be able to do this from a remote client.

yubiuser · March 14, 2025, 8:41pm

It was not, when you created the debug log.

[webserver.api]
       max_sessions = 16
       prettyJSON = true ### CHANGED, default = false
       pwhash = "$BALLOON-SHA256$v=1$s=1024,t=32$T8djjdhe" ### CHANGED, default = ""
       totp_secret = ""
       app_pwhash = "$BALLOON-SHA256$v=1$s=1024,t=hdhdjj" ### CHANGED, default = ""
       app_sudo = false
       cli_pw = true

Anyway.

Are you using the doc page to create the SID?
You can easily create a SID from any client on your network.
See Authentication - Pi-hole documentation