Hi JeanPaul, I am sure you know this link, but I will posted it in case you did not use it: http://docs.cloudstack.apache.org/en/latest/developersguide/dev.html
I am not really sure what you mean by "passwords needs to be hashed in md5", as far as I know you need to use HMAC SHA-1 to create the signature. Can you please provide more information regarding the plain text password situation? Regarding your issue with icons: I am only able to test on version 4.18.0.0 at the moment, so I am unsure how it was in 4.17.2.0, but I am able to get icon via api. You need to set showicon=true and if the user has an icon you get it as base64image. Please be aware that if the user does not have an icon, then there is no icon tag in the response. Here is the api call I used before encrypting it: command=listUsers&showicon=true&response=json Hope that helps! regards, Swen -----Ursprüngliche Nachricht----- Von: JeanPaul van der Mijle <jp.vandermi...@hyperai.ai> Gesendet: Freitag, 24. März 2023 16:10 An: users@cloudstack.apache.org Betreff: API question. Hi All, Been playing with the API for a bit for an easy access/streamlined front end. I have found out several things that seems not right in the documents. Following the documents at https://cloudstack.apache.org/api/apidocs-4.17/, since we have 4.17.2.0 installed at the moment, I found that the documents isn't always right. For instance: Authentication, Login. It mentions passwords needs to be hashed in md5. I was debugging over an hour why it didn't work, to find out this was not true and it just accepts plain text passwords. Even if MD5 is weak, it is not the biggest issue right now. Documents refer for other options of hashing should be made myself. Which is on the task list anyway as MD5 is only good for testing. But it is not even there. Now for the thing that bugs me the most right now, which doesn't stop the rest of the development but is quite annoying: Users, listUsers. * Users, getUser. Accounts, listAccounts. * All have the same issue, in the response I should get icon response too. At least 1 out of the 3. It's not there. For the other 2 (marked with *) they both have in their request a non required flag: showicon. I tried: showicon showicon=true showicon=1 showicon=yes So far, all errors out and I get the message that either credentials are at fault or that the signature is incorrect. However, removing this flag, the command works. So I doubt it is faulty creds. I did the flag as well within the signature, as outside the signature, so far no juice. I am aware about the pickyness of the API, so within PHP I just build up an array and run http_build_query to keep the alphabetic order on the request. Hope someone can give me insight! Thanks, have a nice weekend. With regards, JeanPaul
