ARI web socket authentication

mikaelwills · August 2, 2024, 12:24pm

Im attempting to connect to the ARI /ari/events web socket connection but it seems im running into authentication issues

in my ari_additional.conf i have

[asterisk]
type=user
password=*******
password_format=plain
read_only=no

in ari_general_additional.conf i have

enabled=yes
pretty=yes
websocket_write_timeout=100
allowed_origins=localhost:8088

Ive seen on another post here that you pass the username and password in query params api_key?

but my server logging shows:

Connecting to WebSocket URL: ws://192.168.1.40:8088/ari/events?app=IwSip&subscribeAll=true&api_key=asterisk%3A******

WebSocket error: WebSocketChannelException: WebSocketChannelException: WebSocketException: Connection to ‘http://192.168.1.40:8088/ari/events?app=IwSip&subscribeAll=true&api_key=asterisk%3A*******#’

The logs from asterisk show a 401, so its un authorised?

2:14:25] DEBUG[29814]: manager.c:7099 process_message: Running action ‘Login’
[2024-08-02 12:14:34] DEBUG[29816]: http.c:1956 httpd_helper_thread: HTTP opening session. Top level
[2024-08-02 12:14:34] DEBUG[29816]: http.c:1415 handle_uri: HTTP Request URI is /ari/events?app=IwSip&subscribeAll=true&api_key=asterisk%3A******
[2024-08-02 12:14:34] DEBUG[29816]: http.c:1470 handle_uri: match request [ari/events] with handler [httpstatus] len 10
[2024-08-02 12:14:34] DEBUG[29816]: http.c:1470 handle_uri: match request [ari/events] with handler [ari] len 3
[2024-08-02 12:14:34] DEBUG[29816]: http.c:1486 handle_uri: Match made with [ari]
[2024-08-02 12:14:34] DEBUG[29816]: http.c:566 ast_http_send: HTTP keeping session open. status_code:401
[2024-08-02 12:14:34] DEBUG[29817]: manager.c:7099 process_message: Running action ‘Login’

Wondering whats the official way to authenticate when trying to connect to the ARI websocket connection

mikaelwills · August 2, 2024, 12:36pm

Im wondering since in. my http_additional.conf

[general]
enabled=yes
enablestatic=no
bindaddr=::
bindport=8088
prefix=
sessionlimit=100
session_inactivity=30000
session_keep_alive=15000
tlsenable=yes
tlsdisablev1=yes
tlsdisablev11=no
tlsdisablev12=no
tlsbindaddr=[::]:8089
tlscertfile=/etc/asterisk/keys/integration/certificate.pem
tlsprivatekey=/etc/asterisk/keys/integration/webserver.key

i have tls enabled should i be using wss then instead of ws?

gjoseph · August 2, 2024, 1:54pm

You’re not actually passing %3A as the user/password separator in the api_key are you? You should specify the : literally. The debug message from http.c should look like…

HTTP Request URI is /ari/events?app=IwSip&subscribeAll=true&api_key=asterisk:******

mikaelwills · August 2, 2024, 2:14pm

Ah thank you, : was getting auto url encoded.
Onto a 404 back from the server now instead of 401 so it seems its authenticated.

in the documentation it definitely says /ari/events but the asterisk logs say

[2024-08-02 14:09:32] DEBUG[13709]: http.c:1492 handle_uri: Requested URI [ari/events] has no handler

i just tried /events without /ari but it said the same

gjoseph · August 2, 2024, 3:03pm

What client are you using? It looks like the leading slash is being stripped.

mikaelwills · August 2, 2024, 3:16pm

Im hand rolling my own web socket connection in Dart using their IOWebSocketChannel class.

Whats interesting is in the asterisk logs:

[2024-08-02 14:09:32] DEBUG[13709]: http.c:1415 handle_uri: HTTP Request URI is /ari/events?app=IwSip&subscribeAll=true&api_key=asterisk:asterisk
[2024-08-02 14:09:32] DEBUG[13709]: http.c:1470 handle_uri: match request [ari/events] with handler [httpstatus] len 10
[2024-08-02 14:09:32] DEBUG[13709]: http.c:1470 handle_uri: match request [ari/events] with handler [ws] len 2
[2024-08-02 14:09:32] DEBUG[13709]: http.c:1492 handle_uri: Requested URI [ari/events] has no handler

The first log shows its receiving /ari/events, i wanna say that from that im sending over the correct url?

My logs then show

WebSocketException: Connection to ‘http://192.168.1.40:8088/ari/events?app=IwSip&subscribeAll=true&api_key=asterisk:asterisk#’ was not upgraded to websocket

which has the / before the ari, im sure theres probably still a possibility that its taken out somewhere in the IOWebSocketChannel class

mikaelwills · August 2, 2024, 3:35pm

I don’t have a lot of experience in C but it kinda looks like this code in the handle_uri function is removing the initial /

l = strlen(prefix);
	if (!strncasecmp(uri, prefix, l) && uri[l] == '/') {
		uri += l + 1;

gjoseph · August 2, 2024, 3:44pm

The log make is look like the /ari handler isn’t loaded. Are you sure there are no errors in ari.conf preventing it from loading? Do a http show status. It should show…

HTTP Server Status:
Prefix: 
Server: Asterisk/18.16.0
Server Enabled and Bound to 0.0.0.0:8088

HTTPS Server Enabled and Bound to 0.0.0.0:8089

Enabled URI's:
/httpstatus => Asterisk HTTP General Status
<maybe some other stuff>
/ari/... => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket

mikaelwills · August 2, 2024, 3:55pm

I did show status and ari wasn’t there.
the module was running thought from ‘module show like ari’

Went to the config files and they some how had been reset… with enable=no
Edited the ari config files, fwconsole restart
http show status showed that ari is up and running.

Restarted my code and the ‘could not upgrade to websocket error’ is now gone so i assume its successful. Really not sure what happened there

mikaelwills · August 2, 2024, 3:59pm

Would you be able to just confirm to me that listening to the ARI events, you’re able to monitor calls being made and extract the caller and callee extension numbers?
Or can this only be done with the AMI?

mikaelwills · August 2, 2024, 4:02pm

Just restarted my code again and the websocket cannot connect again: ‘was not upgraded to websocket’

When it did connect i had the json messages coming through, is there some sort of connection throttling on the server that won’t upgrade a socket if too many connection requests come through?

just did http show status and ari is now gone again and the ari config files have been reset, it seems to be turning itself off automatically

gjoseph · August 2, 2024, 4:22pm

That may be FreePBX doing that. Is there an ari_custom.conf file or something you can edit or is there a FreePBX setting to turn ARI on or off? I don’t have an FPBX system handy to look at.

edit…

ari_additional_custom.conf for additional users
ari_general_custom.conf for general settings

mikaelwills · August 5, 2024, 8:20am

Ah yep, theres FreePBX UI settings i was overlooking. Ticked them, made a new user for me.
Has connected over 10 times now without fail and can parse all the events coming through. Thank you!

system · September 4, 2024, 8:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Asterisk ARI Getting-Started-with-ARI initial connection 404s Asterisk APIs	5	389	March 31, 2024
Asterisk ARI Authentication Asterisk APIs	4	2751	May 24, 2020
ARI Authentication (asterisk) Asterisk Support	1	542	February 2, 2016
ARI Websocket issues related to wscat Asterisk APIs	2	904	January 20, 2021
Asterisk ARI with secure websocket wss not working Asterisk Support	0	479	May 19, 2015

ARI web socket authentication

Related topics