- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Access API simply via browser without an API Key. Trick/Hack/Other? Your thoughts...
Hi All,
Sometimes I just want to run an ad hoc API query and here is how I do it:
1. Login to the Meraki SM portal
2. Select which Organisation I want to run my ad hoc script against
2. Copy which meraki server is listed in the URL e.g. nXXX (where X is a number)
3. Duplicate the Google Chome Window
4. Enter into the URL the server from step 2 and then the API command I want
e.g. https://[Step 2].meraki.com/api/v0/organizations = API output of organisations I have access to
This will continue to work as long as you stay logged in or until you change which Organisation you access to on the dashboard. If you change the organisation in the original browser window the output will simply go blank.
I am curious what others think about this - Is this a trick or a possible vulnerability?
Thank you,
Peter James
Solved! Go to solution.
- Labels:
-
Dashboard API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Peter, this is expected behavior using your credentials stored in the browser session. FYI, to make the output a bit more readable, use a Chrome extension such as JSONView. We do see this quite a bit and I use this myself to check up on things quickly without having to load Postman or a Python interactive session.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Peter, this is expected behavior using your credentials stored in the browser session. FYI, to make the output a bit more readable, use a Chrome extension such as JSONView. We do see this quite a bit and I use this myself to check up on things quickly without having to load Postman or a Python interactive session.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@chengineer Great - Thank you for confirming that!
Adding that good extension makes it even better to read 🙂
Thank you,
Peter James
