Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Unable to retrieve API token since v4.0.0 #99
I am using this switch to temporarily disable pihole blocking which uses curl and the authentication token:
After upgrading pihole to v4.0.0, this doesn't work anymore. The sensor still works fine but this does not use (?) the same interface (I assume).
Any way to get the API token or to gain access to PiHole's status and enabling/disabling it via curl or the like would do.
When trying to get the token underMenu, Settings > API / Web interface > Show API token > Yes, show API token just displays "No password set". But no token.
Steps to reproduce
Install pihole and try to get the token, see above.
Thanks for your quick reply! Unfortunately, this still doesn't work. I simply removed the "&auth=MY_OLD_TOKEN" part in my curl commands but they do not have any effect.
More ideas? What do you mean with 'it may need a new release', what precisely needs a new release? This addon?
Thanks again! :-)
Edit: regarding your edit, yes this is exactly the command I have used. :(
I'm also trying to get this to work. FYI here's the use-case: https://www.reddit.com/r/pihole/comments/bvq5aq/pihole_quick_enabledisable_toggle_for_apples_ios/
Inspired by the curl URL, I've found you can use the following configuration for HA:
I've successfully ran pi_hole.disable and .enable from HA to control the pi-hole HassIO addon.
So perhaps a minor documentation change is all that's needed.
While I am also able to disable the Pi-Hole addon by using the auth='' (empty token) trick, I can do that from any machine on my network. That seems like a security issue.
Any movement on making it possible to set a password for the Pi-Hole addon, so that there's a real API token?
I get that it's a tricky technical challenge. :-)
But, I don't think the right solution is to restrict API access to Home Assistant-only. That would mean that I can only use Home Assistant to enable/disable, which is quite limiting.
For example, I have an iOS app called PHRemote that gives a nice, simple interface for disabling for various lengths of time. And there's a project on GitHub for a similar app, that I've thought about hacking on for my own enjoyment, to have absolute control over the UX.
I get that I can customize my Home Assistant user interface to give me a similarly simple UX. But I'm not the only user on my network, and getting the other residents of the house to use the Home Assistant app, or connect to the web interface, is not a simple undertaking. And blocking them from their Internet memes and other stuff is not going to go over well. I gotta have something simple to offer them.
From the PR
Please consider that we get numerous requests from different users, in this case, we could enable API token usage again, but you will then also be prompted to login to the application, which then means moving the authentication to ingress becomes invalid.
Unfortunately it really isn't possible to please 100% of the people 100% of the time
PS - I don't believe that Ad guard home has these issues.....