Is there an way to give virtual server admins (read: not with a master admin role) access to the remote API?
I’ve read that there might be a webmin.acl “hack” in Accessing Remote API as non-root user , but the virtualmin docs say that remote.cgi ist only for the master admin user.
Meanwhile I solved my issue, which was updating DNS records via a remote API / https . That solution is generic, i.e. you don’t need to modify anything on the server-side. This is at least good if you are a “customer” and can’t change the server config at all.
That’s why I preferred to scrape the web-gui and make the requests as “non-root user”. I was really wondering, if no one already created api-server component (maybe with konghq or such).
But thanks for confirming, that I am not reinventing the wheel
When I’ve exposed an API command, I did so by building my own frontend API. I created user-level authentication and mapped a user to a domain. By utilizing checks and balances, I was able to issue commands to the Virtualmin API internally within my script in a somewhat safe manner. I also limited what API calls my own script supported and which flags were sent to each accordingly.
Scraping the Web-UI is not really a viable option, as the code for the Web-UI is subject to change at anytime.
Depending what you want to offer to third parties, I may be able to work with you to develop a frontend API wrapper for such a task.
