diff --git a/TODO-cove-data-protection.md b/TODO-cove-data-protection.md index 4d3f9fc..ddcdf15 100644 --- a/TODO-cove-data-protection.md +++ b/TODO-cove-data-protection.md @@ -140,11 +140,55 @@ Unified → → Common Processor → JobRun - Contact Cove support for API access instructions ### Phase 1: API Research & POC -1. [ ] Research Cove API documentation -2. [ ] Test API authentication -3. [ ] Test data retrieval (1 backup job) -4. [ ] Mapping of Cove data → Backupchecks model -5. [ ] Proof of concept script (standalone) + +**Step 1: Find API Base URL** +- [ ] Check Cove admin portal for API documentation link +- [ ] Common patterns to try: + - `https://api.backup.management/` + - `https://api.cove.n-able.com/` + - `https://backup.management/api/` + - `https://cloudbackup.management/api/` +- [ ] Check API user creation page for hints/links +- [ ] Look for "API Documentation" or "Developer" menu in portal + +**Step 2: Test Authentication** +- [ ] Determine token format (Bearer token? API key header? Query param?) +- [ ] Common authentication patterns to test: + ```bash + # Option 1: Bearer token + curl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com/endpoint + + # Option 2: API Key header + curl -H "X-API-Key: YOUR_TOKEN" https://api.example.com/endpoint + + # Option 3: Custom header + curl -H "X-Auth-Token: YOUR_TOKEN" https://api.example.com/endpoint + ``` +- [ ] Test with simple endpoint (e.g., `/api/v1/status`, `/api/accounts`, `/api/devices`) + +**Step 3: Discover Available Endpoints** +- [ ] Find API documentation/reference +- [ ] Look for OpenAPI/Swagger spec +- [ ] Key endpoints we need: + - List customers/accounts + - List backup devices/jobs + - Get backup job history + - Get backup job status/details + - Get backup run results (success/failed/warnings) + +**Step 4: Test Data Retrieval** +- [ ] Test listing customers (verify top-level access works) +- [ ] Test listing backup jobs for one customer +- [ ] Test retrieving details for one backup job +- [ ] Document response format (JSON structure) +- [ ] Save example API responses for reference + +**Step 5: Proof of Concept Script** +1. [ ] Create standalone Python script (outside Backupchecks) +2. [ ] Test authentication and data retrieval +3. [ ] Parse API response to extract key fields +4. [ ] Mapping of Cove data → Backupchecks JobRun model +5. [ ] Document findings in this TODO ### Phase 2: Database Changes 1. [ ] Decide: extend MailMessage model or new source type? @@ -224,13 +268,79 @@ Other backup systems that use APIs: ## 🚀 Next Steps -1. **Research first!** - Start with API documentation investigation -2. Create POC script (standalone, outside Backupchecks) -3. Document findings in this file -4. Decide which architecture option (1, 2, or 3) -5. Only then start implementation +### Immediate Actions (Ready to Start!) -**Status:** Waiting on API research completion. +**1. Find API Documentation** +- Check Cove admin portal for "API" or "Developer" section +- Look for documentation links on the API user creation page +- Search Cove knowledge base for "API documentation" +- Try common API base URLs with `/docs` or `/swagger` endpoints + +**2. Quick API Test** (can be done now with token!) +Try these curl commands to test authentication: + +```bash +# Replace YOUR_TOKEN with actual token from https://backup.management/#/api-users +# Try different authentication methods and endpoints: + +# Test 1: Bearer token + accounts endpoint +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/accounts + +# Test 2: API Key header +curl -v -H "X-API-Key: YOUR_TOKEN" \ + https://api.backup.management/api/accounts + +# Test 3: Alternative base URL +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://backup.management/api/accounts + +# Test 4: Check for API documentation +curl https://api.backup.management/swagger +curl https://api.backup.management/docs +curl https://backup.management/api/docs + +# Test 5: Try common endpoints +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/customers + +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/devices + +# Note: Use -v flag to see full HTTP response including headers +# Look for authentication errors vs 404 errors to determine correct URL/auth +``` + +**3. Document Findings** +After successful API call, document in this file: +- Working API base URL +- Correct authentication header format +- Available endpoints discovered +- Example response format + +**4. Create POC Script** +Once API works, create standalone Python test script: +```python +import requests + +# Test script to retrieve Cove backup data +token = "YOUR_TOKEN" +base_url = "https://api.example.com" + +headers = { + "Authorization": f"Bearer {token}", + "Content-Type": "application/json" +} + +# Get list of customers +response = requests.get(f"{base_url}/api/customers", headers=headers) +print(response.json()) +``` + +**5. Plan Integration** +Based on POC results, decide architecture approach and start implementation + +**Status:** Ready for API testing - token available! --- @@ -243,9 +353,28 @@ Other backup systems that use APIs: ### Current Status (2026-02-10) - ✅ **Confirmed:** Cove Data Protection HAS API access (mentioned in documentation) -- ❓ **Unknown:** How to enable/activate API access in Cove portal -- ❓ **Unknown:** API documentation location -- 🎯 **Next action:** Find API activation instructions in Cove admin portal or contact support +- ✅ **Found:** API user creation location in Cove portal +- ✅ **Created:** API user with SuperUser role and token +- ❓ **Testing needed:** API base URL and authentication method +- ❓ **Unknown:** Available endpoints and documentation +- 🎯 **Next action:** Test API access with token and find documentation + +### API Credentials (Created) +- **Authentication:** Token-based +- **Role:** SuperUser (full access) +- **Scope:** Top-level customer (access to all sub-customers) +- **Token:** Generated (store securely!) +- **Portal URL:** https://backup.management +- **API User Management:** https://backup.management/#/api-users + +**IMPORTANT:** Store token in secure location (password manager) - cannot be retrieved again if lost! + +### Likely API Base URLs to Test +Based on portal URL `backup.management`: +1. `https://api.backup.management` (most common pattern) +2. `https://backup.management/api` +3. `https://api.backup.management/jsonapi` (some backup systems use this) +4. Check API user page for hints or documentation links ### Possible Admin Portal Locations Check these sections in Cove dashboard: