I have recently provided articles in regards to the installation and configuration of {php}IPAM IP. One of my use cases for investigating the use of IP address management systems was to provide a API/server module to request an IP address for allocation.
By default, a module is provided to request an IP address by browsing to Administration > IPAM settings > Feature Settings and enabling the ‘IP request module’.
However, this requires user interaction in order to approve the pending request. Now this is where I discovered a number of php scripts by Doug Morris that leverage the API framework. In this scenario, getFreeIP.php provides the functionality to retrieve the first available IP address for a subnet. In addition the following scripts are available from the repository:
getIPs.php – dump information for a subnet.
removeHost.php – removes IP address information from a subnet for a host.
tokenValid.php – validates API token for requests.
In order to retrieve the first available IP address for a subnet we will also require to validate the API token for the request so we will also need the tokenValid.php file as well. The files should be placed in the ‘/var/www/phpipam/api’ directory.
cd /tmp git clone https://github.com/covermymeds/phpIPAM-api.git cd /tmp/api cp getFreeIP.php tokenValid.php /var/www/phpipam/api
In order to submit a request to the API we need to browse to Administration > IPAM Settings > Feature Settings and enable the API server module. Then browse to Administration > IPAM Settings > API Management to create an API key to which you will specify an application identifier and for this use case set ‘Read’ application permissions.
In order for the API server module to provide data to client requests the php curl and mcrypt extensions are required to be installed, the mcrypt extension enabled and a restart of the Apache Web Server to apply.
sudo apt-get install php5-curl php5-mcrypt sudo php5enmod mcrypt sudo service apache2 restart
Now we have enabled API server module, created the API key and placed the script files on the host. We can now send an HTTPS request which requires the following information:
Application Identifier
Application Code
Subnet
Hostname
Owner
The request will return the first free IP address in for the subnet and reserve the IP address. If an IP address has already been reserved for the hostname, this will be returned. In this example I am submitting a request to reserve an IP address for the hostname ‘server1.dean.local’ in the subnet ‘10.0.0.0’ and specifying the owner as ‘deangrant’
curl https://ipam.dean.local/api/getFreeIP.php?apiapp=dean&apitoken=30c13f9d33668a5e13e79a5865dc409f&subnet=10.0.0.0&server1.dean.local&user=deangrant 10.0.0.3
Hi Dean,
Thanks for writing this post, it’s very helpful and informative. The only api functionality I’ve successfully been able to use in phpipam is your api files found here.
I’m not familiar enough with mcrypt in php to be able to send encrypted requests. I’m wondering if you found a way to modify the given php file in phpipam api to remove the encrypted requirement, and if so, share?
Thanks,
Steven
LikeLike
There should be no need to configure mcrypt, if you have enabled the SSL engine for your site, see my post where I discuss the installation and configuration, there is an additional step for enabling SSL for the virtual host – https://deangrant.wordpress.com/2015/12/12/phpipam-installation-and-configuration-on-ubuntu/
LikeLike
Hi, i sorry, but me need help. I try set API, but is not work. I read to github, but author silent.
Trouble:
Hi, please need help with API. My enviromment:
phpipam 1.3;
Server version: Apache/2.4.10 (Debian);
PHP 5.6.30-0+deb8u1 (cli);
My site config:
ServerName ipam.example.com
Redirect “/” “https://ipam.example.com/”
ServerName ipam.example.com
DocumentRoot /var/www/phpipam
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/name.crt
SSLCertificateKeyFile /etc/apache2/ssl/name.key
ServerAdmin support@example.com
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Prettify links is enable. I create api key:
app id: vpn
app code: xxxxxxx
permission: read
security: crypt
I try get:
curl -X GET https://ipam.example.com/api/vpn/subnets/6/?links\=false –header “token: xxxxxxx”
Answer:
{“code”:400,”success”:0,”message”:”Request is not valid”,”time”:0}
I don’t understand why it is not work. You may me need help?
I will be grateful for any help
LikeLike