Unauthorized error on CTI access


#1

Hi,
I just upgraded my GXP2170 to 1.0.9.121 and I am unable to access my phone via CTI url
192.168.123.123/cgi-bin/api-get_line_status?username=admin&password=1234
I get an unauthorized error. I looked at CTI_guide in resources but it seems outdated, as the web client now seems to have improved authentication by using a hash and timestamp when logging in.

I wanted to know what is the new method of accessing the phone via CTI url?

Thanks!


#2

I literally just had the same issue, well, almost. I was trying to end a call. GS support’s fix was for me to check the directions on page 6 of the CTI guide http://www.grandstream.com/sites/default/files/Resources/CTI_Guide.pdf

Worked great!


#3

Dang! I must have read that document like 50 times, it never occurred to me that
Remote Control Pop up Window Support enables CSRF on URLs. Thanks for pointing it out.

For future reference:
You can send a POST request to the API to get the token and use that token as a salt for your password, which gives a hash to be used for the login.

For example:
The URL is: http://192.168.123.123/cgi-bin/api.values.get

POST data: request = password_token:password_token_timestamp

Then you can use the password_token and password together to generate a SHA-256 hash, and use this hash to log in. It will respond with a sid (session id) which you should provide with future requests.

A bit complicated but maintains your security I guess.
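
Added example, not part of the thread and not Grandstream code: an in-memory Python model of the token, hash and sid flow described in post #3, showing why the password no longer needs to travel in the URL and why a captured hash cannot be replayed. The `PhoneModel` class, the token-then-password concatenation order, the 30-second token lifetime and the single-use rule are assumptions made for illustration; the firmware's real format is in the CTI guide.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30  # seconds; assumed lifetime, not a documented firmware value

def login_hash(token: str, password: str) -> str:
    # Assumed combination: SHA-256 over the token followed by the password.
    return hashlib.sha256((token + password).encode()).hexdigest()

class PhoneModel:
    """Hypothetical stand-in for the phone's login endpoint (no network I/O)."""

    def __init__(self, password, clock=time.time):
        self._password = password
        self._clock = clock
        self._tokens = {}       # token -> time it was issued
        self._sessions = set()  # sids handed out after a successful login

    def get_token(self):
        # Step 1: the client asks for a fresh salt and its timestamp.
        token, issued = secrets.token_hex(16), self._clock()
        self._tokens[token] = issued
        return {"password_token": token, "password_token_timestamp": int(issued)}

    def login(self, token, digest):
        # Step 2: the client sends the hash, never the password itself.
        issued = self._tokens.pop(token, None)  # single use, so a replay fails
        if issued is None or self._clock() - issued > TOKEN_TTL:
            return None
        if not hmac.compare_digest(login_hash(token, self._password), digest):
            return None
        sid = secrets.token_hex(16)
        self._sessions.add(sid)
        return sid

    def authorized(self, sid):
        # Step 3: later requests carry the sid instead of credentials.
        return sid in self._sessions

def client_login(phone, password):
    token = phone.get_token()["password_token"]
    return phone.login(token, login_hash(token, password))
```
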