Lifetime of API key in Sonic DDNS

by gizmos » Wed Sep 09, 2015 9:01 am
I'm trying to write a little bash script that uses the Sonic DDNS API to get my current (dynamic) WAN IP and then updates some of my A records accordingly. See

https://public-api.sonic.net/dyndns/

I pretty much understand how to do this, but I'm not quite clear on the purpose of the API key. Is the API key intended to be a transient thing - i.e. should I get a new API key, for each domain, and then release it every time my script runs? Or is the API key more of a permanent thing, and I should cache a key for each domain in some secure file and then reuse them over and over?

FWIW, I would expect the script to run maybe once a day...

BTW, I'm assuming no one has already written such a script. If somebody has, I'd like to hear about it!

Bob
by dherr » Wed Sep 09, 2015 10:27 am
I am running a script that checks to see if my FTTN dynamic IP has changed and then updates the Sonic hosted DNS if there is a change. Here are the cleaned up versions; removed old notes and my own user info:

Code:

#!/bin/sh
#
# Checks the current dynamic IP assignment and sends an e-mail alert if it has changed.
# Using the public-api.sonic.net tool from "williamt", at:
# https://public-api.sonic.net/dyndns

# Who gets the alert mails:
victims="[email protected]"


save="/home/user/bin/watch-for-ip-updates.current"
alert="/home/user/bin/watch-for-ip-updates.alert"
# Last IP we recorded, and the IP the API sees us coming from right now:
recent=`cat "$save"`
current=`curl -sX GET https://public-api.sonic.net/dyndns/ip | awk -F\" '{print $4}'`

# Run a check to bail out of the script if the curl did not give us an IP address:
# The AT&T PTRs can be upper or lower case, using `tr` to switch all to lower.
sanity=`host "$current" | awk -F. '{print $5}' | tr A-Z a-z`
if [ "$sanity" != "in-addr" ];then
	echo "IP check came up with PTR ending in $sanity. Expecting in-addr." | mail -s "Dynamic IP check found a problem." "$victims"
	exit 1
fi
# Make sure we are not simply using the Sonic vpn:
sanity=`host "$current" | grep -c sonic.net`
if [ "$sanity" = "1" ];then
	echo "IP check came up with a Sonic IP, so will not update DNS." | mail -s "Dynamic IP check found a Sonic IP." "$victims"
	exit 1
fi

# If we got this far and it is a new IP then alert via mail and run the script to update DNS:
if [ "$recent" != "$current" ];then
	cp "$save" "$save.`date +%Y-%m-%d-%H:%M`"
	echo "$current" > "$save"
	echo "The Dynamic IP has changed." > "$alert"
	echo "New IP is: $current" >> "$alert"
	echo >> "$alert"
	echo "If it is currently enabled, we will now run the script to update the Sonic DNS." >> "$alert"
	cat "$alert" | mail -s "New dynamic IP" "$victims"
	# Update the Sonic DNS with new IP:
	/home/user/bin/dyn-update-sonic.sh
fi

The update script:

Code:

#!/bin/sh

# Could be done in one line but $IP might be needed at some point.
IP=`cat /home/user/bin/watch-for-ip-updates.current`
GW=`echo $IP | awk -F. '{print$1"."$2"."$3".1"}'`

# The tool now takes TTL value and will default to type "A" and will use the IP that you are hitting it from:
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=domain&ttl=1800" https://public-api.sonic.net/dyndns/host
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=www.domain.com&ttl=1800" https://public-api.sonic.net/dyndns/host
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=host.domain.com&ttl=1800" https://public-api.sonic.net/dyndns/host

by gizmos » Wed Sep 09, 2015 10:49 am
dherr wrote: The update script:

Code:

#!/bin/sh
...
# The tool now takes TTL value and will default to type "A" and will use the IP that you are hitting it from:
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=domain&ttl=1800" https://public-api.sonic.net/dyndns/host
.....
Thanks for posting these, but I still have the question where are you getting the API key? It looks to me like I have to use the https://public-api.sonic.net/dyndns/api_key function first to assign an API key, and then the giant hex number that results gets passed to https://public-api.sonic.net/dyndns/host. And I would assume that I have to delete the api key after I'm done updating the A record. Your script doesn't seem to do that, though. What am I missing?

Thanks again,
Bob
by gizmos » Wed Sep 09, 2015 10:55 am
P.S. FWIW, I'm not clear what the API key is really used for anyway. It would seem like the sonic username, the password, and the domain would be enough to uniquely identify and authorize changes to an A record. I'm not sure what the API key adds to the process.
by dherr » Wed Sep 09, 2015 11:01 am
My hope was that someone from Sonic would address the main questions. I don't delete and recreate the keys, but I have no idea if that means that my domain records are less secure now. I created my keys based on info from the site you noted above.

I have a note saying...

The key was created with:
curl -X POST --data 'username=SonicUser&password=SonicPass&hostname=domain.com' https://public-api.sonic.net/dyndns/api_key
by gizmos » Wed Sep 09, 2015 11:06 am
So you just created the API keys once and then hard coded them into your script?
by dherr » Wed Sep 09, 2015 11:15 am
Yes, that is correct. So my sonic password does not need to be sent during updates, nor am I storing the password in the script.
by gizmos » Wed Sep 09, 2015 11:19 am
dherr wrote: my sonic password does not need to be sent during updates
Ah, I missed that implication - that's an important point. Thanks!
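
The approach the thread settles on (create the key once, cache it per hostname in a protected file, send only the key during updates), as an added example that is not code from any poster or from Sonic. The key directory, the `<hostname>.key` file naming, the `SONIC_USERID` variable and the hex-only check (based on the "giant hex number" description above) are assumptions.

```shell
#!/bin/sh
# Added example (not dherr's script). Assumed layout: one key file per
# hostname, $KEYDIR/<hostname>.key, containing only the API key.
KEYDIR="${KEYDIR:-$HOME/.sonic-ddns}"   # hypothetical location
API="https://public-api.sonic.net/dyndns/host"

# Print the cached key for hostname $1, or fail if the file is missing,
# is not a regular file, is accessible by group/other, or is not hex.
load_api_key() {
	f="$KEYDIR/$1.key"
	[ -f "$f" ] || { echo "no key file for $1" >&2; return 1; }
	case "$(ls -ld "$f")" in
		-???------*) ;;                       # owner-only regular file
		*) echo "refusing $f: chmod 600 it" >&2; return 1 ;;
	esac
	key=$(tr -d ' \r\n' < "$f")
	case "$key" in
		''|*[!0-9a-fA-F]*) echo "$f does not hold a hex key" >&2; return 1 ;;
	esac
	printf '%s' "$key"
}

# Build the form body dherr's update script sends: userid, apikey, hostname, ttl.
build_body() {   # $1=userid $2=hostname $3=ttl
	k=$(load_api_key "$2") || return 1
	printf 'userid=%s&apikey=%s&hostname=%s&ttl=%s' "$1" "$k" "$2" "$3"
}

# Send the update. The body goes to curl on stdin (--data @-), so the key
# never appears in curl's argument list.
update_host() {
	body=$(build_body "$@") || return 1
	printf '%s' "$body" | curl -sSf -X PUT --data @- "$API"
}

# Only runs when asked: SONIC_USERID=12345 sh thisfile host.domain.com
if [ -n "${SONIC_USERID:-}" ] && [ $# -gt 0 ]; then
	for h in "$@"; do update_host "$SONIC_USERID" "$h" 1800 || exit 1; done
fi
```

Because the account password is only needed for the one-time `api_key` POST, nothing this script reads or sends can be used to log in to the Sonic account itself.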