I know that virtualmin already has an API, both command line and via virtual-server/remote.cgi but both these require the master admin (root) account to authenticate, and of course, has access to all features and servers.
What I’m looking for is a rest api which can be authenticated by the virtual server admin, and then only acts on virtual server’s administered by that admin, and all I really need is for it to be able to list users, add users, remove users, although the ability to do some reseller stuff would be a real bonus.
This is so a virtual-server admin(/reseller) can manage their own logins/mailboxes (and other stuff) programmatically. I’m sure it can be done by crafting URL’s sent to virtualmin to simulate actions in the GUI but that’s kinda weak and would break if/when things change. What I’m looking for is a proper API, limited functionality, that’s documented and supported.
I am talking off the top of my head here but if one puts a web UI around Virtualmin’s API and some kind of ACL is built into the UI, then this becomes possible without any change in Virtualmin. This could be a kludge for short term use. The correct way to go about it would be to expand the existing API to support user access; not just root.
You could, but it would still need to execute the commands as root (or authenticate with remote.cgi as root) which would need you to hard code the root password somewhere, or that of a user who can become root, or run a webserver AS root. Eitherway, its a risk that’s just over the line for me, especially if we’re going to be mapping 10000 publicly for domain admins to login.
Actually, this could be quite a USP for virtualmin, thinking on it a little more, assuming the REST API supported some more ‘reseller’ functions, a reseller could have a sign-up on their website, which via the API authenticates as the reseller, creates the server (with options), creates the users, requests the certificate, and uploads a holding page. Then it could quite easily send an email to the customer with all their credentials etc.
Now that’s something seriously marketable, and quite a powerhouse toolset.
I put the question through chatGPT just for fun. this response.
It sounds like you’re looking for a way to programmatically manage users and other resources for a Virtualmin server, and you want this API to be authenticated by the virtual server admin and have limited functionality.
Unfortunately, Virtualmin itself does not have a built-in API that allows virtual server admins to perform these actions. But you can use the command-line tools that come with Virtualmin to create your own scripts to automate these tasks.
One way to achieve this would be to create a shell script that takes command-line arguments for the various actions you want to perform (e.g. adding users, removing users), and then using the Virtualmin command-line tools (like ‘useradmin’ or ‘list-users’) to perform those actions. The script can then be run by the virtual server admin and can be authenticated using their own credentials.
It’s also possible that there are some third-party Virtualmin API available on the web, but I can not confirm or recommend any since my knowledge cut off is in 2021.
You can also consider using the Webmin API (Webmin API is also used by virtualmin), it’s a module that allows you to interact with Webmin over a remote API. It can be used to perform actions like listing users, creating and deleting users and much more. Once installed, you will be able to access the API by making HTTP requests to a specific URL and can also be authenticated via user and password.
@Jamie, how doable it would be to implement Virtualmin CLI (and thus remote API) to work for virtual server owners and any other users which can authenticate in Webmin using browser?
Yes, it could be done, but it would be a large project as currently the remote API doesn’t do the same permission checks as the web UI … so we’d have to add those.
Are there particular operations that would be valuable for domain owners to perform via an API?
ChatGPT is funny once or twice, but it’s wrong enough and in subtle enough ways, that I’d like to ask you refrain from posting its answers here. It’s also a little unnerving because it’s paraphrasing my own past posts (but introducing a little bit of noise that’s misleading, like implying the Webmin API isn’t also an admin level API…it is not restricted by user permissions, either).
A search of the forums would turn up the comments ChatGPT is rephrasing.
Allowing users and, especially, resellers to perform basic CRUD operations on their own virtual servers and sub-servers would be powerful. e.g. listing and creating domains, users, databases, etc. The most common things a domain owner or reseller would do, basically. It might be worth making it a Pro-only feature to start (and maybe only for resellers, to start), if we do go down that path.
Exactly that. A feature set like this would be invaluable, and definitely Pro Only given the potential for disaster without the safety blanket that Pro provides. It would be nice if it was on a different port (so we can set specific fw rules against that at the border), if it used strong authentication (bearer/oauth/certificate etc) and if it was REST/JSON. I’d be more than happy to beta test this if/when it comes up on the todo, and even write some of the docs if needed.
Y’all have a nice day now, and thank you as always.
Says more about the usefulness of ChatGPT than anything. Nothing quite as useful as out of date data in to get garbage out.