how to disable api Authorization ?

muhamedoufi2 years ago

In my previous question sent-command-dont-saved , I discussed my need to send commands to devices connected to Traccar, but I encountered a challenge with using the API due to its authorization requirements. Since I have my own authentication system in my application and don't rely on Traccar's authentication, I was looking for alternative solutions.

I explored the Traccar configuration file documentation but didn't come across any information regarding this issue. I would appreciate your assistance in finding a solution to this problem.

Anton Tananaev2 years ago

Why can't you just use an API token?

muhamedoufi2 years ago

I cannot use the API token because I need to request the API from an external application, not from Traccar directly. Additionally, I am unable to obtain the token because my user is not connected to Traccar. As I mentioned earlier, I have my own authentication system and only utilize Traccar as a server.

Anton Tananaev2 years ago

I'm very confused. The whole point of an API token is that an external application can use it to call the API. What you're saying makes absolutely no sense to me. This is a common industry practice that pretty much everyone uses. It doesn't matter if you're calling from an app or another system or whatever else. It shouldn't be a problem.

muhamedoufi2 years ago

Okay, it seems that I am the one who is confused. Let me clarify my understanding of the token: Is the token generated for users in Traccar? Is that correct or not?

To generate an API token in Traccar, I need to follow these steps:

  1. Log in to my Traccar account with the necessary administrative privileges.
  2. Click on the "Create Token" or a similar button to generate a new API token.
  3. Traccar will likely provide me with the generated token.
  4. Once I have the API token, I can include it in my API requests by adding an Authorization header with the token value.

However, this approach doesn't fit my situation because my application doesn't rely on the Traccar user table. Therefore, I am unable to generate the API token as described.

Anton Tananaev2 years ago

Why it doesn't fit exactly? What do you mean you don't rely on Traccar user table? Why do you need to rely on it? Traccar does. You don't have to.

muhamedoufi2 years ago

When I mentioned that my application doesn't rely on the Traccar user table, I meant that I have implemented a separate user authentication system within my app. This means that when a user connects to my application, they can create devices that will connect to Traccar and send positions, create groups, geofences, and perform other operations. However, it's important to note that this user doesn't have an actual user account within Traccar's built-in user management system. The authentication and authorization process is managed independently within my application.

Anton Tananaev2 years ago

That's all completely irrelevant. If you don't want to map your users to Traccar users, just create a single account in Traccar and use it as your "service" account. That's the account that will host everything and that's the account you will use the API key for.

muhamedoufi2 years ago

Ok thank you
But I think it will be a good feature if it added to traccar

Anton Tananaev2 years ago

You haven't really provided any good justification for considering it as a feature.