Access API simply via browser without an API Key. Trick/Hack/Other? Your thoughts...

SOLVED
PeterJames
Head in the Cloud

Hi All,

Sometimes I just want to run an ad hoc API query and here is how I do it:

1. Log in to the Meraki SM portal

2. Select which Organisation I want to run my ad hoc script against

2. Copy which Meraki server is listed in the URL e.g. nXXX (where X is a number)

3. Duplicate the Google Chrome window

4. Enter into the URL the server from step 2 and then the API command I want

e.g. https://[Step 2].meraki.com/api/v0/organizations = API output of organisations I have access to

This will continue to work as long as you stay logged in or until you change which Organisation you access on the dashboard. If you change the organisation in the original browser window the output will simply go blank.

 

I am curious what others think about this - Is this a trick or a possible vulnerability? 

 

Thank you,
Peter James

1 ACCEPTED SOLUTION
chengineer
Meraki Alumni (Retired)

Hi Peter, this is expected behavior using your credentials stored in the browser session. FYI, to make the output a bit more readable, use a Chrome extension such as JSONView. We do see this quite a bit and I use this myself to check up on things quickly without having to load Postman or a Python interactive session.

Solutions Architect @ Cisco Meraki | API & Developer Ecosystem

2 REPLIES 2
@chengineer Great - Thank you for confirming that!

Adding that good extension makes it even better to read 🙂


Thank you,
Peter James
