hi!!
we are developing a simple app to use dolibarr as backend, and i have a security issue:
the API documentation recommend that use the POST method to login to dolibar for security reasons. I agree with that, but i have malfunction: when i try to login with post method & CURL, i have a 403 forbidden error. My syntax is:
curl -X POST --header ‘Content-Type: application/json’ --header ‘Accept: application/json’ -d ‘{
“login”: “mylogin”,
“password”: “mypassword”,
“reset”: 1
}’ ‘https://mydolibarrinstallation/api/index.php/login’
It’s the same that the api explorer uses, without the DOLAPIKEY header and the “entity” field ( I have tried with it too)
I can login with the POST method adding the credentials to the URL (https://mydolibarrinstallation/api/index.php/login?user=myuser&password=mypassword&reset=1’, but it’s not secure because credentials are logged by the access.log in the server.
My dolibarr version is 10.0.6 over ubuntu 18.04, Apache/2.4.29 and PHP 7.2
can anyone try to login with POST & CURL and reply my error?
Thanks a lot!!
