Due to the existence of an API on the openSPOT, we need todo some hacking 😉
Link to the API description here
All queries except gettok.cgi, ip.cgi and checkauth.cgi must include a valid JWT (JSON Web Token). The JWT should be included in the HTTP header as Authorization: Bearer.
First steps :
1. You need to get a token from the openSPOT with http://openspot.local/gettok.cgi
{
“token”: “1f9a8b7c”
}
2. You have to add your password to the token and sha256 this (shasum -a 256)
sha256(“1f9a8b7cpassw0rd”)
3. You have to POST this to http://openspot.local/login.cgi in JSON
{
“token”: “1f9a8b7c”,
“digest”: “2c476e1191ac5d38f72d9b00aca1c1a64aebe991de8c2c4806e413016844e6be”
}
4. The reply will contain a JWT (JSON Web Token) entry. The JWT stays valid for 3600 seconds after the last valid query.
{
“hostname”: “openspot”,
“jwt”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkMjljODQwZSJ9.r3Oom8qVEAd1ceMMWibrMNsgu0DPgz-IG13MAzB-o5s”
}
Now we are logged in and can call all API interfaces with the acquired JWT.
Let’s make a script for this, click here