Query API when device has password authentication


My device has password authentication turned on and I was wondering what is the recommended way of formatting a CURL command? I 've tried the following but had no luck:

curl http://iotawatt.local/command?restart=yes -u admin:pass

The message logs report no restart has been initiated.

I don’t use curl regularly enough to be fluent. You can look it up as easily as I can. For something like a command, I typically just enter it into a browse. If you had previously authorized within 10 minutes,it should work, or else ask you for the password.

Yeah, in browser is fine, but I’m looking to execute the command without a graphical interface.

IoTaWatt uses Digest authentication. It is more secure and does not send passwords in plaintext, but rather sends a “digest” or cryptographic hashed version of it. It does this in response to a 401 Authenticate response by the IoTaWatt (server). The 401 request contains the method of authentication accepted (Digest) and some parameters that are used by the client to compose the Digest such that it is unique and not useful for replay attacks.

As I said, I don’t use curl very often, but googling “curl digest authentication” and skimming the results, it looks like you might need to add the --digest option to both inhibit initially sending your --auth credentials in plaintext in a Basic authorization header, and to enable curl to properly respond to the 401 authenticate initial reply.

1 Like