Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 9:01 am
by gizmos
I'm trying to write a little bash script that uses the Sonic DDNS API to get my current (dynamic) WAN IP and then updates some of my A records accordingly. See https://public-api.sonic.net/dyndns/
I pretty much understand how to do this, but I'm not quite clear on the purpose of the API key. Is the API key intended to be a transient thing - i.e. should I get a new API key, for each domain, and then release it every time my script runs? Or is the API key more of a permanent thing, and I should cache a key for each domain in some secure file and then reuse them over and over?
FWIW, I would expect the script to run maybe once a day...
BTW, I'm assuming no one has already written such a script. If somebody has, I'd like to hear about it!
Bob
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 10:27 am
by dherr
I am running a script that checks to see if my FTTN dynamic IP has changed and then updates the Sonic hosted DNS if there is a change. Here are the cleaned up versions; removed old notes and my own user info:
```sh
#!/bin/sh
#
# Checks the current dynamic IP assignment and sends an e-mail alert if it has changed.
# Using the public-api.sonic.net tool from "williamt", at:
# https://public-api.sonic.net/dyndns

# Who gets the alert mails:
victims="[email protected]"
save="/home/user/bin/watch-for-ip-updates.current"
alert="/home/user/bin/watch-for-ip-updates.alert"
# Last IP we saw (empty on the first run, before $save exists):
recent=`cat "$save" 2>/dev/null`
# The address is the fourth double-quote-delimited field of the reply:
current=`curl -sX GET https://public-api.sonic.net/dyndns/ip | awk -F\" '{print $4}'`

# Run a check to bail out of the script if the curl did not give us an IP address:
# The AT&T PTRs can be upper or lower case, using `tr` to switch all to lower.
sanity=`host "$current" | awk -F. '{print $5}' | tr A-Z a-z`
if [ "$sanity" != "in-addr" ]; then
    echo "IP check came up with PTR ending in $sanity. Expecting in-addr." | mail -s "Dynamic IP check found a problem." $victims
    exit 1
fi

# Make sure we are not simply using the Sonic vpn:
sanity=`host "$current" | grep -c sonic.net`
if [ "$sanity" = "1" ]; then
    echo "IP check came up with a Sonic IP, so will not update DNS." | mail -s "Dynamic IP check found a Sonic IP." $victims
    exit 1
fi

# If we got this far and it is a new IP then alert via mail and run the script to update DNS:
if [ "$recent" != "$current" ]; then
    # Keep a timestamped copy of the previous IP before overwriting it.
    cp "$save" "$save.`date +%Y-%m-%d-%H:%M`"
    echo "$current" > "$save"
    echo "The Dynamic IP has changed." > "$alert"
    echo "New IP is: $current" >> "$alert"
    echo >> "$alert"
    echo "If it is currently enabled, we will now run the script to update the Sonic DNS." >> "$alert"
    mail -s "New dynamic IP" $victims < "$alert"
    # Update the Sonic DNS with new IP:
    /home/user/bin/dyn-update-sonic.sh
fi
```
The update script:
```sh
#!/bin/sh
# Could be done in one line but $IP might be needed at some point.
IP=`cat /home/user/bin/watch-for-ip-updates.current`
GW=`echo "$IP" | awk -F. '{print $1"."$2"."$3".1"}'`
# The tool now takes a TTL value, defaults to type "A", and uses the IP that you are hitting it from.
# The ##### fields stand for your own userid and API key:
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=domain&ttl=1800" https://public-api.sonic.net/dyndns/host
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=www.domain.com&ttl=1800" https://public-api.sonic.net/dyndns/host
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=host.domain.com&ttl=1800" https://public-api.sonic.net/dyndns/host
```
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 10:49 am
by gizmos
dherr wrote: The update script:
#!/bin/sh
...
The tool now takes TTL value and will default to type "A" and will use the IP that you are hitting it from:
curl -sX PUT --data "userid=#####&apikey=########################################&hostname=domain&ttl=1800" https://public-api.sonic.net/dyndns/host
.....
Thanks for posting these, but I still have the question where are you getting the API key? It looks to me like I have to use the https://public-api.sonic.net/dyndns/api_key function first to assign an API key, and then the giant hex number that results gets passed to https://public-api.sonic.net/dyndns/host. And I would assume that I have to delete the API key after I'm done updating the A record. Your script doesn't seem to do that, though. What am I missing?
Thanks again,
Bob
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 10:55 am
by gizmos
P.S. FWIW, I'm not clear what the API key is really used for anyway. It would seem like the sonic username, the password, and the domain would be enough to uniquely identify and authorize changes to an A record. I'm not sure what the API key adds to the process.
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 11:01 am
by dherr
My hope was that someone from Sonic would address the main questions. I don't delete and recreate the keys, but I have no idea if that means that my domain records are less secure now. I created my keys based on info from the site you noted above.
I have a note saying...
The key was created with:
curl -X POST --data 'username=SonicUser&password=SonicPass&hostname=domain.com' https://public-api.sonic.net/dyndns/api_key
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 11:06 am
by gizmos
So you just created the API keys once and then hard coded them into your script?
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 11:15 am
by dherr
Yes, that is correct. So my sonic password does not need to be sent during updates, nor am I storing the password in the script.
Re: Lifetime of API key in sonic DDNS
Posted: Wed Sep 09, 2015 11:19 am
by gizmos
dherr wrote: my sonic password does not need to be sent during updates
Ah, I missed that implication - that's an important point. Thanks!
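Added example, not part of the thread and not Sonic's or either poster's code: one way to do what the first post asks about, caching a long-lived key in a protected file instead of hard-coding it in the script. The key file path and its `userid=`/`apikey=` line format are assumptions; the endpoint and form fields are the ones used in the update script earlier in the thread.

```shell
#!/bin/sh
# Added example: keep the Sonic DDNS credentials out of the script itself.
# Assumed (hypothetical) key file format, one file per domain, created by you:
#   userid=12345
#   apikey=0123abcd...
KEYFILE="${KEYFILE:-$HOME/.sonic-ddns.key}"   # hypothetical path

# Succeed only if the key file is a regular file that group/other cannot access.
key_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of one "name=value" line from the key file.
key_field() {           # $1 = key file, $2 = field name
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Build the form body that the thread's update script sends to /dyndns/host.
build_update_body() {   # $1 = key file, $2 = hostname, $3 = TTL
    printf 'userid=%s&apikey=%s&hostname=%s&ttl=%s' \
        "$(key_field "$1" userid)" "$(key_field "$1" apikey)" "$2" "$3"
}

# Send the update. The body reaches curl on stdin (--data @-), so the API key
# is not visible in the process list as it is with --data "...apikey=...".
update_host() {         # $1 = hostname, $2 = TTL (default 1800)
    key_file_is_private "$KEYFILE" || {
        echo "refusing to use $KEYFILE: must be a regular file with mode 600" >&2
        return 1
    }
    build_update_body "$KEYFILE" "$1" "${2:-1800}" |
        curl -sS -X PUT --data @- https://public-api.sonic.net/dyndns/host
}

# Usage, e.g. from the IP-watch script: update_host www.domain.com
```

Create the key file with `umask 077` in effect (or `chmod 600` it afterwards) so the permission check passes.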