beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sftpgo/docs/rest-api.md
Nicola Murino 41a1af863e
OpenAPI: minor changes
2021-01-18 13:24:38 +01:00

2.4 KiB
Raw Blame History

REST API

SFTPGo exposes REST API to manage, backup, and restore users and folders, and to get real time reports of the active connections with the ability to forcibly close a connection.

If quota tracking is enabled in the configuration file, then the used size and number of files are updated each time a file is added/removed. If files are added/removed not using SFTP/SCP, or if you change track_quota from 2 to 1, you can rescan the users home dir and update the used quota using the REST API.

REST API are protected using JSON Web Tokens (JWT) authentication and can be exposed over HTTPS.

The default credentials are:

  • username: admin
  • password: password

You can get a JWT token using the /api/v2/token endpoint, you need to authenticate using HTTP Basic authentication and the credentials of an active administrator. Here is a sample response:

{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MTA4NzU5NDksImp0aSI6ImMwMjAzbGZjZHJwZDRsMGMxanZnIiwibmJmIjoxNjEwODc1MzE5LCJwZXJtaXNzaW9ucyI6WyIqIl0sInN1YiI6ImlHZ010NlZNU3AzN2tld3hMR3lUV1l2b2p1a2ttSjBodXlJZHBzSWRyOFE9IiwidXNlcm5hbWUiOiJhZG1pbiJ9.dt-UwcWdEMwoGauuiQw8BmgpBAv4YlTaXkyNK-7iRJ4","expires_at":"2021-01-17T09:32:29Z"}

once the access token has expired, you need to get a new one.

JWT tokens are not stored and we use a randomly generated secret to sign them so if you restart SFTPGo all the previous tokens will be invalidated and you will get a 401 HTTP response code.

You can create other administrator and assign them the following permissions:

  • add users
  • edit users
  • del users
  • view users
  • view connections
  • close connections
  • view server status
  • view and start quota scans
  • view defender
  • manage defender
  • manage system
  • manage admins

You can also restrict administrator access based on the source IP address. If you are running SFTPGo behind a reverse proxy you need to allow both the proxy IP address and the real client IP.

The OpenAPI 3 schema for the exposed API can be found inside the source tree: openapi.yaml.

You can generate your own REST client in your preferred programming language, or even bash scripts, using an OpenAPI generator such as swagger-codegen or OpenAPI Generator.

You can also use Swagger UI.