Web Services Access¶
You may configure Web Services / REST API permissions in.
Web services access may have two different meanings:
- Who may access REST APIs of various XiVO daemons, and which resources in those REST APIs?
- Who may access PHP web services under
REST API access and permissions¶
Those REST API interfaces are documented on http://<youxivo>.api. They all require an authorization token, obtained by giving valid credentials to the REST API of xivo-auth. The relevant settings are:
- Login/Password: the xivo-auth credentials (for the xivo-auth backend
- ACL: The list of authorized REST API resources. See REST API Permissions.
Unlike PHP web services, there is no host-based authorization, so the
Host setting is not
A few REST API access are automatically generated during the installation of XiVO, so that XiVO services may authenticate each other.
You will probably only need to create such a REST API access when you want another non-XiVO service to communicate with XiVO via REST API.
PHP web services¶
Those web services are deprecated. There is no documentation about their usage, and the goal is to remove them.
They are still protected with HTTP authentication, requiring a login and password. The relevant settings are:
- Login/Password: the HTTP authentication credentials
- Host: the authorized hosts that are allowed to make HTTP requests:
- Empty value: HTTP authentication
- Non-empty value: no HTTP authentication, all requests coming from this host will be accepted. Valid hosts may be: a hostname, an IP address, a CIDR block.
There is no fine-grained permissions: either the user has access to every PHP web services, or none.
There is also a special case for authentication with xivo-confd. See XiVO REST API for more details.