Upcoming changes: authentication for more API endpoints required

Upcoming changes: authentication for more API endpoints required

In a future release we will introduce some changes to the web interface API.

This change will only affect you if your Pi-hole web interface is password protected AND you query the API endpoints directly (via http://pi.hole/admin/api.php?...), for example via a script or a third-party app.

If you are only using the normal dashboard, this change will not affect you.

Most endpoints already require a token for authentication. This is in line with the recent changes we made to the web interface to display no information about your setup if you are not logged in.

However, not all endpoints required a token so far. In the near future, the endpoints status, summary, summaryRaw and overTimeData10mins will also require a token (see https://github.com/pi-hole/AdminLTE/pull/2411/).


This means you need to change the URL you use to access these endpoints to include appropriate authorization like

Change

  • http://pi.hole/admin/api.php?status

to

  • http://pi.hole/admin/api.php?status&auth=<TOKEN>

You can get the token from Settings/API/Show API token or from /etc/pihole/setupVars.conf (WEBPASSWORD).

If your Pi-hole web interface is not password protected, nothing changes!