Hi All,
Sometimes I just want to run an ad hoc API query and here is how I do it:
1. Login to the Meraki SM portal
2. Select which Organisation I want to run my ad hoc script against
2. Copy which meraki server is listed in the URL e.g. nXXX (where X is a number)
3. Duplicate the Google Chome Window
4. Enter into the URL the server from step 2 and then the API command I want
e.g. https://[Step 2].meraki.com/api/v0/organizations = API output of organisations I have access to
This will continue to work as long as you stay logged in or until you change which Organisation you access to on the dashboard. If you change the organisation in the original browser window the output will simply go blank.
I am curious what others think about this - Is this a trick or a possible vulnerability?
Thank you,
Peter James