API text on README doesn't explain authencation is needed

[tejohnso]

Versions

• Pi-hole: 5.15.3
• AdminLTE: 5.18.3
• FTL: 5.20.1

Platform

• OS and version: Raspbian 10 buster
• Platform: Raspberry Pi

Expected behavior

The api should work as documented in README.

With either no parameters or /admin/api.php?summary it returns the following JSON ...

Actual behavior / bug

Calling /admin/api.php as indicated in the readme page returns []

Steps to reproduce

Steps to reproduce the behavior:

curl http://localhost/admin/api.php

Additional context

I noticed there's an additional post about upcoming changes with additional authorization requirements, but there is no indication from the response that authorization is required. And when I include authorization (?summary&auth=[token]) I get the same [] result.

Also the additional info link from the readme leads to a page that reiterates no authorization is necessary for "summary (default if no parameters are given)".

The following api call works:

curl "http://localhost/admin/api.php?type&version"
{"type":"FTL","version":3}

[rdwebdesign]

You need to add &token=<your_pihole_api_token> to every URL.

This behavior was changed last year.

It was announced in November (as you already noticed) and December Release Notes (under "Pi-hole Web changes").

[rdwebdesign]

Just to make it clear:
This is a documentation error.

The behavior you saw is the correct one.
The issue is on the README text not on the code.

[tejohnso]

Agree there's a documentation problem.

But I think there's a code error as well. If auth is required, the response shouldn't be 200 OK with an empty json array in the body. That's misleading.

Also, from the announcement, the parameter to include is auth not token as you indicated. But regardless of which of those I use, I still get the empty json array as a response.

[rdwebdesign]

Yeah... sorry. auth is the correct parameter.

But regardless of which of those I use, I still get the empty json array as a response.

Which URL are you using exactly?

[tejohnso]

Sorry I had a problem on my end with cURL. I'm able to get it working now.

So I'd say the only issue now is the documentation and the false 200 response.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

[domdfcoding]

I second the request for a better error code than 200 when authentication is required but no token supplied. It wasn't apparent why I was getting an empty response with a 200 code. Receiving 401 (or 403 if the token was wrong) would have made it clear what was wrong.