mirror of
https://github.com/LizardByte/Sunshine.git
synced 2026-03-17 05:45:48 +00:00
112 lines
2.9 KiB
Markdown
112 lines
2.9 KiB
Markdown
# API
|
|
|
|
Sunshine has a RESTful API which can be used to interact with the service.
|
|
|
|
Unless otherwise specified, authentication is required for all API calls. You can authenticate using
|
|
basic authentication with the admin username and password.
|
|
|
|
## CSRF Protection
|
|
|
|
State-changing API endpoints (POST, DELETE) are protected against Cross-Site Request Forgery (CSRF) attacks.
|
|
|
|
**For Web Browsers:**
|
|
- Requests from same-origin (configured via `csrf_allowed_origins`) are automatically allowed
|
|
- Cross-origin requests require a CSRF token
|
|
|
|
**For Non-Browser Applications:**
|
|
- Non-browser clients (e.g. `curl`, scripts, custom apps) are **exempt** from CSRF protection
|
|
- CSRF attacks require a browser to silently attach credentials to a cross-origin request — this threat
|
|
does not apply to non-browser clients that explicitly provide credentials with every request
|
|
- Requests with no `Origin` or `Referer` header (as is typical for non-browser clients) are automatically
|
|
allowed without a CSRF token
|
|
|
|
**Example (browser-equivalent cross-origin request):**
|
|
```bash
|
|
# Get CSRF token
|
|
curl -u user:pass https://localhost:47990/api/csrf-token
|
|
|
|
# Use token in request
|
|
curl -u user:pass -H "X-CSRF-Token: your_token_here" \
|
|
-X POST https://localhost:47990/api/restart
|
|
```
|
|
|
|
@htmlonly
|
|
<script src="api.js"></script>
|
|
@endhtmlonly
|
|
|
|
## GET /api/csrf-token
|
|
@copydoc confighttp::getCSRFToken()
|
|
|
|
## GET /api/apps
|
|
@copydoc confighttp::getApps()
|
|
|
|
## POST /api/apps
|
|
@copydoc confighttp::saveApp()
|
|
|
|
## POST /api/apps/close
|
|
@copydoc confighttp::closeApp()
|
|
|
|
## DELETE /api/apps/{index}
|
|
@copydoc confighttp::deleteApp()
|
|
|
|
## GET /api/browse
|
|
@copydoc confighttp::browseDirectory()
|
|
|
|
## GET /api/clients/list
|
|
@copydoc confighttp::getClients()
|
|
|
|
## POST /api/clients/unpair
|
|
@copydoc confighttp::unpair()
|
|
|
|
## POST /api/clients/unpair-all
|
|
@copydoc confighttp::unpairAll()
|
|
|
|
## GET /api/config
|
|
@copydoc confighttp::getConfig()
|
|
|
|
## GET /api/configLocale
|
|
@copydoc confighttp::getLocale()
|
|
|
|
## POST /api/config
|
|
@copydoc confighttp::saveConfig()
|
|
|
|
## GET /api/covers/{index}
|
|
@copydoc confighttp::getCover()
|
|
|
|
## POST /api/covers/upload
|
|
@copydoc confighttp::uploadCover()
|
|
|
|
## GET /api/logs
|
|
@copydoc confighttp::getLogs()
|
|
|
|
## POST /api/password
|
|
@copydoc confighttp::savePassword()
|
|
|
|
## POST /api/pin
|
|
@copydoc confighttp::savePin()
|
|
|
|
## POST /api/reset-display-device-persistence
|
|
@copydoc confighttp::resetDisplayDevicePersistence()
|
|
|
|
## POST /api/restart
|
|
@copydoc confighttp::restart()
|
|
|
|
## GET /api/vigembus/status
|
|
@copydoc confighttp::getViGEmBusStatus()
|
|
|
|
## POST /api/vigembus/install
|
|
@copydoc confighttp::installViGEmBus()
|
|
|
|
<div class="section_buttons">
|
|
|
|
| Previous | Next |
|
|
|:--------------------------------------------|--------------------------------------:|
|
|
| [Performance Tuning](performance_tuning.md) | [Troubleshooting](troubleshooting.md) |
|
|
|
|
</div>
|
|
|
|
<details style="display: none;">
|
|
<summary></summary>
|
|
[TOC]
|
|
</details>
|