Authentication - notihnio/PowerDNS-API GitHub Wiki

Authentication

Authentication is, for now, just plain HTTP (Basic) authentication. The credentials are sent with every request and are only encoded, not encrypted, so be sure any production servers run on SSL.

Each domain is associated with (for now) one user account; this is done with the account column in the domains table. That column is used because it's a "standard column" in the PowerDNS database schema, and the PowerDNS server supports populating it if you are using the supermasters feature.

To set up a password for an account, use the account option of the powerdns_api program: ./script/powerdns_api account [account-name] [password]. For example, ./script/powerdns_api account example verysecret will set up an example account.

You can then list the domains in the example account with

curl -u example:verysecret http://localhost:3000/

Future plans

Support an authentication token or maybe OAuth to make it easier to integrate the API in a front-end/client application.

If the request parameters are plain HTTP queries, it'd be easy to also have an API secret and sign the requests.

If there's an HTML/JS interface we'll need to add a CSRF token of sorts to all requests.