REST API via PHP-Script

<< Click to display Table of Contents >>

Navigation:  Interfaces > REST API >

REST API via PHP-Script

In this chapter, you will learn how to address the REST API interface with a PHP script. We will provide you with an example script that you can adapt as required to meet your requirements.

 

To make the script compatible with your installation, you must adjust the following variables:

 

This value describes the URL for the request. If bestinformed is installed on the local machine, for example, this is the appropriate URL.

$url = 'https://localhost:8431/rest';

 

This value specifies the REST API username, further information can be found in the chapter REST API > Authentication on the server.

$username = "rest_admin";

 

This value specifies the password of the REST API user, further information can be found in the chapter REST API > Authentication on the server.

$password = "cw";

 

This value describes the origin of the request, this must be identical to the allowed hosts in System (global), further information can be found in the chapter REST API > Request to the API interface.

$origin = "cordaware";

 

Here you define the action that the script executes. You can find all possible actions and further information in the chapter REST API > Examples.

$body = [];

 

Script

In this example, an info is created with the following properties:

- The info is sent to all clients whose computer names begin with “DESKTOP-”.

- The info text is “I was sent using the REST API.”

- The info is active on the server for one minute and is displayed on the client for one minute.

 

 

<?php
 
// Create the X-Best-Auth header
function generateXBestAuth($username, $password) {
    // Generate random salt value
    $salt = bin2hex(random_bytes(16));
    // Create hmac
    $hmac = hash_hmac('sha256', $username.$salt, $salt.$password, true);
    // Encode in base64
    $secret = base64_encode($hmac);
    // Create JSON object
    $json = json_encode([
        "username" => $username,
        "secret"   => $secret,
        "salt"     => $salt,
    ], JSON_UNESCAPED_UNICODE);
    // return Json to base64
    return base64_encode($json);
}
// Send the request
function sendRequest($url, $xBestAuthHeader, $body, $origin) {
    // Initialize curl
    $ch = curl_init($url);
    // Set the curl options
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);   
    /*
   // Ssl opts
   // Path to the cert
    curl_setopt($ch, CURLOPT_CAINFO, "/path/to/cacert.pem");      
   // Ssl verify false
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);                                    
    // Ssl verify host false                                                             
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    */
   // Set the value to true | to activate ssl, you also need the options above
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
   // Activate post request
    curl_setopt($ch, CURLOPT_POST, true);
   // Setting headers for curl
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        "Content-Type: application/json",
        "X-Best-Auth: $xBestAuthHeader",
        "Origin: $origin",
    ]);
 
    $json = json_encode($body,JSON_UNESCAPED_UNICODE);
   
   echo "body will be: ";
   echo "".$json;
   
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body,JSON_UNESCAPED_UNICODE));
   // Timeout 30 seconds
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}
// Setting the url for the request
$url = 'https://localhost:8431/rest';
// Setting the username to be used for the REST API in Cordaware bestinformed
$username = "rest_admin";
// Setting the password for the username
$password = "cw";
// Setting the origin for the request. This has to be the same value as in Cordaware bestinformed in "System -> System (global)" for the REST API
$origin = "cordaware";
// Generate auth header
$header = generateXBestAuth($username, $password);
// Request body for action, for all actions please look at our webhelp
$body = [

    "action" => "newinfo",

    "info" => "I was sent using the REST API.",

    "minutes" => "1",

    "active" => "1",

    "quickusersonly" => "true",

    "quickusersadditional" => "false",

    "quickusers" => "[

      {

        \"computer\": \"DESKTOP-*\",

        \"user\": \"*\",

        \"ipaddress\": \"*\",

        \"domain\": \"*\"

      }

    ]",

];
 
// Send the request
$responseInfo = sendRequest($url, $header, $body, $origin);
$decodedResponse = json_decode($responseInfo, true);
?>

Tested with PHP version 8.4.4 and 8.2.12. The extension=curl must be activated.