Hi, I’m trying to set up a page to display all instances running, but I can not get the permissions for API to work. I started off using my own account (super admin), but that didn’t work, so I created a new user only for use with the API, gave it super admin, and added all permissions manually to be sure. Still doesn’t want to work. I can log in using API no problem, I get a session ID, use it when calling /API/ADSModule/GetInstances, dump the data to the site, and all I get is this
array(3) {
[“Title”]=>
string(19) “Unauthorized Access”
[“Message”]=>
string(136) “You do not have permission to use this method (ADSModule.GetInstances) at this time. This method requires the Session.Exists permission.”
[“StackTrace”]=>
string(649) " at GSMyAdmin.WebServer.MethodInvocation.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)
at GSMyAdmin.WebServer.MethodInvocation.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)"
}
I tried some other API calls but it keeps telling me I do not have permissions to use this method. I can’t find the specific “Session.Exists” permission either, and after hours of trying to figure this out I am about to give up, I would appreciate any help!
The Session.Exists error means the session token you’re trying to use is invalid.
Make sure you’re grabbing the SessionID from the API/Core/Login endpoint and use that as a Bearer token in the Authentication header for subsequent API calls.
Also note that the session ID will expire after 5min of inactivity or when the ADS instance (or the game server instance where the session ID originated from) restarts.
1 Like
Thank you! I tried adding sessionID to body as I saw another ticket where you had said to do that, but I assume it has since been updated? anyway I’ve been looking to try to set up a password reset, I assumed there would be an option for it after setting up SMTP in AMP, but I can’t find any, is there a way to do this? Should I create another thread for it? Either way thanks for the help!
AMP has been updated to use bearer auth now yeah, finally getting with the times lol.
I don’t know much in regard to SMTP though, but there are settings in AMP. If I remember correctly it’s limited to game server instances and not exposed at the ADS “level”.
You can set up some Default Settings for newly created instances to automatically apply the settings you want.
1 Like
I’m not really worried about instance settings, I just want to be able to let AMP users change their password if they managed to forget it, but sounds like it’s not possible then?
Looks like there are some SMTP settings I missed in the ADS, but those seem to be strictly for use in the scheduler.
To my knowledge there isn’t any password-reset system like that built-in. You can change the Forgot Password URL setting in the ADS (may need an Advanced licence since it’s under Branding), then have some other application handle the reset itself via the API.
Here’s the general rundown from what I can remember:
- have the URL points toward a basic webpage that has an email entry box
- have the webserver check against each user to see if the email is valid
- get a temporary login token for the user with:
https://panel-url/API/Core/GetRemoteLoginToken
- send a magic link in their email in the format of:
https://panel-url/?authtoken=TOKEN&user=USERNAME
1 Like
I found the “forgot password URL” under branding, but it seems it’s only instance specific and no global settings for it, any idea how that works? I tried changing it to my website URL for testing, but it did nothing, so where exactly was the URL set? I should be able to figure out the rest, but this specific part doesn’t make a lot of sense to me. sorry if I am missing something obvious!