I would recommend to check what official web app sends. It uses exactly the same API, so in browser developer console you can see all requests.
The chrome 'developer tools' are a bit on the heavy/overwhelming side with data and at some point it freezes. wireshark does naturally show nothing useful since the call is https!
I used the example: @ http://traccar.litvak.su/features/rest-api.html
but received a less than satisfying result:
C:\Users\savet>curl --verbose -i -tlsv1.2 -X POST --data "[\"realuser@server.io\",\"abc\"]" https://192.168.0.69:8082/rest/login
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 192.168.0.69...
* Connected to 192.168.0.69 (192.168.0.69) port 8082 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:\Program Files\cURL\bin\curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
C:\Users\savet>
Digging through google for "SSL23_GET_SERVER_HELLO:unknown protocol" gave me several points of failure but none of them seems to fit. I hoped that explicitely defining tlsv1.2 would convince curl to go for tls but it seems to insist on SSL.
Using the restEasy plugin I don't even get that far.
If someone uses it how do I supply the userid/password since the below does not work.
!(https://drive.google.com/file/d/1CLhzduoqACfaMwac96LRSJ3HHBTSZ-nT/view?usp=sharing)
First of all, you probably haven't configured HTTPS for your server to be using it. Traccar uses HTTP by default.
Secondly, I'm not sure why you are using example from completely different project.
Oops! Yeah, using http gets me farther (even in resteasy):
HTTP POST http://192.168.0.69:8082/api/login
Content-Type: application/json
Accept: */*
Authorization: Basic c3RydWJpbnNreUBhY20ub3JnOmFiYw==
Host: 192.168.0.69:8082
404 Not Found
access-control-allow-origin: chrome-extension://nojelkgnnpdmhpankkiikipkmhgafoch
date: Thu, 03 May 2018 23:29:19 GMT
access-control-allow-credentials: true
server: Jetty(9.2.24.v20180105)
access-control-allow-headers: origin, content-type, accept, authorization
content-length: 44
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
HTTP 404 Not Found - NotFoundException (...)
Now, what would be the correct URL so that I receive the cookie for the following requests?
API documentation is here:
https://www.traccar.org/api-reference/
If you want examples check official web app.
Oops! Yeah, using http gets me farther (even in resteasy):
HTTP POST http://192.168.0.69:8082/api/login
Content-Type: application/json
Accept: */*
Authorization: Basic c3RydWJpbnNreUBhY20ub3JnOmFiYw==
Host: 192.168.0.69:8082
404 Not Found
access-control-allow-origin: chrome-extension://nojelkgnnpdmhpankkiikipkmhgafoch
date: Thu, 03 May 2018 23:29:19 GMT
access-control-allow-credentials: true
server: Jetty(9.2.24.v20180105)
access-control-allow-headers: origin, content-type, accept, authorization
content-length: 44
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
HTTP 404 Not Found - NotFoundException (...)
Now, what would be the correct login-URL so that I receive the cookie for the following requests? I saw others also received a 404 but did not find a URL other than what I deducted: "http://192.168.0.69:8082/api/login"
So close but no cigar or is it?
C:\Users\savet>curl --verbose -i -X POST --data "[\"strubinsky@acm.org\",\"abc\"]" http://192.168.0.69:8082/api/session
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 192.168.0.69...
* Connected to 192.168.0.69 (192.168.0.69) port 8082 (#0)
> POST /api/session HTTP/1.1
> Host: 192.168.0.69:8082
> User-Agent: curl/7.46.0
> Accept: */*
> Content-Length: 28
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 28 out of 28 bytes
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Date: Fri, 04 May 2018 00:08:12 GMT
Date: Fri, 04 May 2018 00:08:12 GMT
< Set-Cookie: JSESSIONID=rtb77qbjxhh6yz79fxwmi19r;Path=/api
Set-Cookie: JSESSIONID=rtb77qbjxhh6yz79fxwmi19r;Path=/api
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Content-Type: application/json
Content-Type: application/json
< Access-Control-Allow-Headers: origin, content-type, accept, authorization
Access-Control-Allow-Headers: origin, content-type, accept, authorization
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Content-Length: 91
Content-Length: 91
< Server: Jetty(9.2.24.v20180105)
Server: Jetty(9.2.24.v20180105)
<
NullPointerException (DataManager:310 < PermissionsManager:427 < SessionResource:103 < ...)* Connection #0 to host 192.168.0.69 left intact
I receive a 400 but followed by a cookie and the nullpointer. I think I am closing in .... What does that mean?
Data is clearly in the wrong format. I would recommend you to research what form data should look like.
Let me describe what I want to do since I may bark up the wrong tree with the question and there is a better solution (still a noob):
there is a tracker (coban tk103b) and a Bluetooth switch
If a user comes to use a vehicle they run an android app which sends through some medium (SMS? API?) a user-id. The bluetooth switch sends a fake 'ignition-on' signal which does nothing since it only comes in when the bluetooth connection ends as the user walks away and the connection terminates.
traccar: receives that String and looks in storage(?) for a vehicle id that contains that string. Or: This can also be sequentially scanning through all devices and check for an 'attribute' (if I understand 'attribute' correctly) or in the local database (table: authstring (char(16), vehicle-id(int)).
If there was a match we know the vehicle-id! We send now two commands to the hardware to turn the power on and disable the alarm-on-motion.
If there is no match, nothing happens.
If the user moves away from the vehicle the bluetooth connection is lost and the tracker sends an 'ignition-off' event. Traccar sends now two commands to 'arm' the tracking device (turns alarm-on-motion sensor on, turns power off)
If a motion is detected while 'disarmed' nothing happens (the location data is not stored anywhere for privacy reasons)
If the device is 'armed', a horn goes off (automatically by the hardware), an event happens and traccar sends an SMS and/or email and the tracker's geo-data can be followed on the map.
How can I:
I see in the APIs a
GET /devices which lists all devices which could be used with
GET /attributes/computed (I don't get the meaning of 'computed') which seems to returns all attributes for a device
and a
POST /commands/send
Do I send the commands as a RESTful web service and if that is so, are there examples that I can use to learn? (I don't understand the authorization process (via header) since I only know a bit about the oauth procedure which does not seem to fit here). A simple example to play with (via RestEasy or Postman) to get -for example- all devices for one account would help enormously.
Thank you in advance
g strubinsky