Add documentation
This commit is contained in:
parent
1fab884a2f
commit
5bbd3c6158
@ -10,12 +10,17 @@ Sample configuration:
|
|||||||
"api_server": {
|
"api_server": {
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"listen_ip_address": "127.0.0.1",
|
"listen_ip_address": "127.0.0.1",
|
||||||
"listen_port": 8080
|
"listen_port": 8080,
|
||||||
|
"username": "Freqtrader",
|
||||||
|
"password": "SuperSecret1!"
|
||||||
},
|
},
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! Danger: Security warning
|
!!! Danger: Security warning
|
||||||
By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet, since others will potentially be able to control your bot.
|
By default, the configuration listens on localhost only (so it's not reachable from other systems). We strongly recommend to not expose this API to the internet and choose a strong, unique password, since others will potentially be able to control your bot.
|
||||||
|
|
||||||
|
!!! Danger: Password selection
|
||||||
|
Please make sure to select a very strong, unique password to protect your bot from unauthorized access.
|
||||||
|
|
||||||
You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
|
You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ class ApiServer(RPC):
|
|||||||
def require_login(func):
|
def require_login(func):
|
||||||
|
|
||||||
def func_wrapper(self, *args, **kwargs):
|
def func_wrapper(self, *args, **kwargs):
|
||||||
# Also works if no username/password is specified
|
# Also accepts empty username/password if it's missing in both config and request
|
||||||
if (request.headers.get('username') == self._config['api_server'].get('username')
|
if (request.headers.get('username') == self._config['api_server'].get('username')
|
||||||
and request.headers.get('password') == self._config['api_server'].get('password')):
|
and request.headers.get('password') == self._config['api_server'].get('password')):
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user