Unable to login to API after update

Hello,

I just updated to version 21.5.37

When I try to login using the …/api/ url my username / pw combination of administrator and empty is no longer logging me in. Instead the prompt for a username and pw keeps appearing.

Any solutions to this?

You should have assigned a password for the Administrator account during your setup. Did you?

Manager API has CORS enabled now. For security reasons, you need to have a password. Can’t login to API with empty password.

Hi @lubos,

As of 21.5.35 this is also affecting the Linux Desktop version.

What’s the default password for the Desktop version?

Cheers,

1 Like

I didn’t encounter that option during the install for the desktop edition.

@maarten, that is because there are no usernames or passwords for the desktop edition. There is no administrator. A few more details would be helpful.

Up until this update I accessed the API by entering http://127.0.0.1:55667/api (55667 being the port used) and then entering ‘administrator’ without a password.

This worked fine for ManagerDesktop

Since the update, the login window keeps reappearing.
@Tut : not entering a username does not work either. Or is there another way to access the API for managerDesktop that you know about?

Details:

  • Running Manager Desktop version 21.5.37
  • OS = Windows 10
  • Using Google Chrome to access API

1 Like

I think the expectation is that the desktop version would not support the API as the concept of an API requires network access so Server or Cloud would be the logical product to support the API in.

The desktop version is meant to be a standalone single user product not something that can be linked up to api’s etc. That would imply multi user and network/internet connectivity to the database.

If you want the api, I would recommend you get the Server edition.

Keeping in mind what dalacor said, supporting the API for desktop edition beyond this change would likely just be a case of defining a default administrator password on the desktop edition. Previously the default was to have no password.

Doing so would mean CORS can remain enabled, whilst also allowing those on the desktop edition to access the API.

My use case for API with desktop edition is for testing purposes. It’s my development environment & I need a local place to test my integration without hitting a web endpoint or production directly.

This is definitely a regression in functionality. Likely a bug as well, though I’d be keen to hear @lubos’ thoughts. I’d strongly prefer that it still be available, at least in a capacity that can be used for local integration testing.

If api access is being dropped from the Desktop version, I guess I wont be upgrading past 21.5.34.

1 Like

So here’s a workaround for those who may want to continue to use the desktop Edition as an api development environment or for other api purposes.

You need to have a Manager Desktop version installed that still has api access. For Linux, the latest one is at Release Manager 21.5.34 · Manager-io/Manager.AppImage · GitHub

If Manager complains when you go to open your business file (xxxxx.manager), you need to rollback the version embedded in the business file.

To do this, run the following command in a terminal (you may need to install sqlite3 first):

sqlite3 “/[user]/.local/share/Manager/xxxxx.manager” “UPDATE Objects SET Content = x’08a102’ Where Key = ‘a9a71e47-82b3-49db-8aec-898adb460a80’”

This will rollback your xxxxx.manager business file so it is able to be opened with 21.5.34.

It does makes a (small) change to your business file, so be sure to back it up first.

Hopefully this will only be needed in the short term.

Thanks Lubos & Bob!

Manager API will continue to be supported in desktop edition.

There is no mechanism to set administrator password in desktop edition at the moment but the workaround would be launching server edition, changing Administrator password and then continue using desktop edition.

1 Like

That’s great news.

Thanks @lubos!

Glad to hear it.

Not sure why it works that way. There’s no authentication at all, so why would there be on the api portion? That will improve nothing in terms of security. Manager listens on localhost, which is fine.

Because the API is a server function which is not disabled in the free desktop version.

A simple solution would be to disable it in the desktop version. Either that or desktop users should be thankful it still available for them for free

Is there a default password for the Desktop edition Administrator account now?

To get my stuff working again locally I could launch server edition temporarily as you suggest, but that doesn’t solve the problem for others.

I am wondering if there was a change to fix this between June 2nd (when you wrote that) and today.

1 Like

Desktop edition does not have any authorizations so no passwords. The advice provided in this discussion remains as is, ie locally install server edition.

  1. launch the server version and login with default administrator account leaving password field empty.
  2. change the password for the account. this will create a password file in your application data folder.
  3. now you can access the api for desktop edition using the new password set for administrator account.