https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37060
--- Comment #7 from David Cook <[email protected]> --- (In reply to Matthias Meusburger from comment #6) > Thanks David for the feedback! > > You're thinking about > https://wiki.koha-community.org/wiki/Koha_/svc/ > _HTTP_API#Changes_coming_in_Koha_24.05 ? > > "This initial request generates a CGISESSID cookie linked to an anonymous > session and provides a Csrf-Token in a response header." > > Correct? More or less! Basically, you do that first anonymous GET request to get the anonymous CGISESSID cookie and a Csrf-Token (via the HTTP response headers): e.g. curl -v 'http://localhost:8081/cgi-bin/koha/svc/authentication' --cookie-jar /tmp/test.cookies Then, using that same cookie and that Csrf-Token, you'll probably want to login using that endpoint as well (I'll explain more in a moment): e.g. curl -v -H "Content-Type: application/x-www-form-urlencoded" -H "Csrf-Token: 4dda36756ec4f7ac178fb5500e1873b6f50cf9bc,699bc3e9fbb01ca7282bc8d847d8a018e696d327,1716342462" -XPOST -v 'http://localhost:8081/cgi-bin/koha/svc/authentication' -d "login_userid=koha&login_password=koha" --cookie /tmp/test.cookies --cookie-jar /tmp/test.cookies Now the reason you'll probably want to do this is because you'll get a *NEW* authenticated CGISESSID cookie, and a *NEW* CSRF token. You can use these *NEW* credentials for as long as the cookie and token are valid (the token is valid for up to 8 hours if I recall correctly). If you skip this step, you'll probably get stuck, since "offline/service.pl" doesn't appear to return a cookie or Csrf-Token. In other words, if you skip this login step, you'd have to repeat the 1st step for every "offline_circ/service.pl" request, and you don't want to do that. Anyway, then, you should be able to do as many API requests as you want to that "offline_circ/service.pl" script. -- Let me know if that doesn't make sense. You can look at "./misc/migration_tools/koha-svc.pl" for some examples of what this looks like in practice. If you have a public git for it, I could also take a little look to make more in-context comments. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
