API query.php syntax

[nvon001]

Hello, I am hoping to get some ideas/assistance with the API access.  I am using postman and curl to get data on all devices for example, but am unable to query a specific device:
Good Query:
https://1.1.1.1:8443/query.php?t=devices

Bad Query
https://1.1.1.1:8443/query.php?t=devices&q=device="devicea_test"

I receive a ERR :400 Invalid Query.

I can use the sql queries also that gets me the specific device data.  I am not sure how to troubleshoot the API and php.  I am using Mariadb as my database engine.

Thanks for any guidance you can give me on this.

[nvon001]

Some more information.  I think I found the place where the error gets triggered located in the query.php file.  I get a "ERR :400 Invalid query!" message.

 }else{
                                        $q = explode(' ',$query);
                                        if( preg_match('/\W/',$q[0]) or !preg_match('/^([=~<>&|]|LIKE)$/',$q[1]) ){
                                        #if( preg_match('/\W/',$q[0]) {
                                                echo "ERR :400 Invalid query!";
                                                die;
                                        }else{
                                                if( $q[1] == '~' ) $q[1] = $dbregexp;
                                                $query = " WHERE $q[0] $q[1] '".DbEscapeString($link,$q[2])."'";
                                        }
                                }

[rickli]

Try: https://1.1.1.1:8443/query.php?t=devices&q=device+=+"devicea_test"

[nvon001]

Perfect thank you, appreciate the quick response!

I got it to work with using what you sent, and removing the quotes:

https://1.1.1.1:8443/query.php?t=devices&q=device+=+devicea_test

[nvon001]

An additional question on the API.  Can I refine my API query for example, if I only wanted to display the Serial number of a specific device, or do I need to use a sql client to further my searches?

Example, I want to only show the serial number for a specific device using SQL queries:

SELECT serial FROM devices  WHERE device = 'devicea_test'

Using Postman:
https://1.1.1.1:8443/query.php?t=devices&q=device+=+devicea_test&q=serial+=+*

The postman query above won't work because I obviously don't know the syntax to only display serial number for the devicea_test device.  The SQL client queries seem for me anyways easier.  Do you have information on the syntax involved in different types of queries using the API, or is it one of those things where I need to open up a PHP book, and start reading. 
Only other thing I can do is to pull all the data down for the device and parse it via python for the serial number to display, or just use the SQL client to get at the specific piece of data.

[rickli]

Sorry for the delay. Really busy with NeDi 2.0! The API is restrictibe due to security, so no selecting columns. I'll work on documentation as soon as 2.0 is finished (in a few weeks)

[nvon001]

I appreciate the response.  Looking forward to the documentation, and keep up the good work!

[nvon001]

Sorry to keep prodding at this, but I am able to do some workarounds with the API, but am getting stuck now with whitespaces:

https://1.1.1.1:8443/query.php?t=interfaces&q=ifdesc+=+Ethernet1/1 LAG:Po500

I am trying to tie a portchannel to actual physical interfaces by using the 'ifdesc' field, but having that white space between 'Ethernet1/1 LAG:Po500' isn't getting read correctly.  I've tried %20 to replace the whitespace, also tried quotes, but it seems the query is only reading the string before the white space.

[rickli]

No worries, but due to security restrictions you can't have spaces in the search string (sorry). Can you try ifname instead?