Web Services Access
You may configure Web Services / REST API permissions in
.Web services access may have two different meanings:
Who may access REST APIs of various XiVO daemons, and which resources in those REST APIs?
Who may access PHP web services under
https://xivo.example.com/xivo/configuration/json.php/*
?
REST API access and permissions
Those REST API interfaces are documented on http://<youxivo>.api. They all require an authorization token, obtained by giving valid credentials to the REST API of xivo-auth. The relevant settings are:
Login/Password: the xivo-auth credentials (for the xivo-auth backend
xivo_service
)ACL: The list of authorized REST API resources. See REST API Permissions.
Unlike PHP web services, there is no host-based authorization, so the Host
setting is not
relevant.
A few REST API access are automatically generated during the installation of XiVO, so that XiVO services may authenticate each other.
You will probably only need to create such a REST API access when you want another non-XiVO service to communicate with XiVO via REST API.
PHP web services
Warning
DEPRECATED
Those web services are deprecated. There is no documentation about their usage, and the goal is to remove them.
They are still protected with HTTP authentication, requiring a login and password. The relevant settings are:
Login/Password: the HTTP authentication credentials
Host: the authorized hosts that are allowed to make HTTP requests:
Empty value: HTTP authentication
Non-empty value: no HTTP authentication, all requests coming from this host will be accepted. Valid hosts may be: a hostname, an IP address, a CIDR block.
There is no fine-grained permissions: either the user has access to every PHP web services, or none.
xivo-confd
Warning
DEPRECATED
There is also a special case for authentication with xivo-confd. See XiVO REST API for more details.