Cannot use CGI/API
-
Hey there,
I own a RLC-520A. I'm testing these CGI commands: https://support.reolink.com/hc/en-us/article_attachments/15340090739353/Command.pdf
Anyway, I'm stuck at the login. I can't even get the token for a long session connection. I also tested the short session.Here's an example:
When I run every command (from Windows), for example a very basic one like GetTime
curl -L -k -H 'Content-Type:application/json' -X POST -d '[{"cmd":"GetTime","action":"1"}]' "http://ip_address/api.cgi?cmd=GetTime&user=user&password=password"
I get this error:
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>
Please also note that I need to add the -L parameter. Otherwise, I get:
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
I searched everywhere online and I can't figure it out what the issue here. Any help?0View 8 replies-
@micciche-matteo_650487669628980 Fairly easy. Use the following curl command. Replace #IP#, #username# and #password# respectively.
curl -s -k -X POST -H "Content-Type : application/json" -d "[{\"cmd\":\"GetTime\",\"action\":1}]" "https://#IP#/cgi-bin/api.cgi?user=#username#&password=#password#" -
@joseph-chircop_497308027822318 Yeah, of course. I used those not to paste here my private information
-
@joseph-chircop_497308027822318
Still this output tho:
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html> -
@micciche-matteo_650487669628980 Ensure HTTPS is enabled on the camera. I used it without any issue on a number of cameras.
-
@joseph-chircop_497308027822318 Yeah cool! HTTP (not HTTPS) was disabled.
Anyway, now when I run the command I get:
[
{
"cmd" : "GetTime",
"code" : 1,
"error" : {
"detail" : "please login first",
"rspCode" : -6
}
}
]
Anyway, don't worry, I should be able to find out why. You already made my day today, thanks! -
@micciche-matteo_650487669628980 eh...you didn't enter my command which was based on https. In your curl L parameter requests Auth. Never use http unless you are on a secured internal network. Anyone with a wireshark can see your credentials as these are sent in plain text.
-
@joseph-chircop_497308027822318 Thank you. Sorry I didn't mention that this was a preliminary test to run this command on a Mikrotik Router (RouterOS scripting). All good, leaving the command here if it can help someone:
Enable or disable Push (that was my goal, change "enable" to 0 or 1), if a specified IP address (my phone) is pinged or not. In this way I have an automatic system that enables push notification when I leave home and switch them off when I come back::local url "https://192.168.xx.xx/api.cgi?cmd=SetPushV20&user=user&password=password" /tool fetch url=$url mode=https http-method=post http-data="[{\"cmd\":\"SetPushV20\",\"param\":{\"Push\":{\"enable\":0,\"schedule\":{\"channel\":0,\"table\":{\"MD\":\"111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\"}}}}}]" -
@micciche-matteo_650487669628980 So you implemented Geofencing before Reolink :). Have been asking for it for quite some time and didn't hear anything. First try to interrogate and then set if unset. Using Mikrotik .... hmmm... Had some issues (MTU) with customers who had VOIP. Note that the ISP changes the IP of your router unless you subscribe for a fixed IP.
-
Actually, the ISP is not even involved because the command is sent directly from the router on the internal network, nothing travels over the public IP. As soon as my phone connects to the home network, the router sends the command to the IP room on the same network. Personally, I love MikroTik and RouterOS, you can really do a lot with it. For example, I can even send myself a notification via pushover telling me if the Reolink push is active or not.
-
@micciche-matteo_650487669628980 Being internal than it's fine. Yep the scripting is powerful.
-
