From b2992acc567740abe3aba518c4ab140327f34f1d Mon Sep 17 00:00:00 2001 From: Ivo Oskamp Date: Tue, 10 Feb 2026 15:42:11 +0100 Subject: [PATCH] Update Cove TODO: API user created, add testing instructions Major progress update: - API user successfully created in Cove portal - Credentials: SuperUser role, top-level customer access, token generated - Portal URL identified: https://backup.management - API user management: https://backup.management/#/api-users Added comprehensive testing section: - Likely API base URLs to test (api.backup.management, backup.management/api) - Step-by-step Phase 1 testing instructions - Multiple curl command examples for authentication testing - Different auth header formats to try (Bearer, X-API-Key) - Common endpoints to discover (accounts, customers, devices) - POC Python script template Next steps: 1. Test API authentication with curl commands 2. Find working API base URL and auth method 3. Discover available endpoints 4. Document API response format 5. Create POC script for data retrieval Status: Ready for immediate API testing! Co-Authored-By: Claude Sonnet 4.5 --- TODO-cove-data-protection.md | 157 +++++++++++++++++++++++++++++++---- 1 file changed, 143 insertions(+), 14 deletions(-) diff --git a/TODO-cove-data-protection.md b/TODO-cove-data-protection.md index 4d3f9fc..ddcdf15 100644 --- a/TODO-cove-data-protection.md +++ b/TODO-cove-data-protection.md @@ -140,11 +140,55 @@ Unified → → Common Processor → JobRun - Contact Cove support for API access instructions ### Phase 1: API Research & POC -1. [ ] Research Cove API documentation -2. [ ] Test API authentication -3. [ ] Test data retrieval (1 backup job) -4. [ ] Mapping of Cove data → Backupchecks model -5. [ ] Proof of concept script (standalone) + +**Step 1: Find API Base URL** +- [ ] Check Cove admin portal for API documentation link +- [ ] Common patterns to try: + - `https://api.backup.management/` + - `https://api.cove.n-able.com/` + - `https://backup.management/api/` + - `https://cloudbackup.management/api/` +- [ ] Check API user creation page for hints/links +- [ ] Look for "API Documentation" or "Developer" menu in portal + +**Step 2: Test Authentication** +- [ ] Determine token format (Bearer token? API key header? Query param?) +- [ ] Common authentication patterns to test: + ```bash + # Option 1: Bearer token + curl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com/endpoint + + # Option 2: API Key header + curl -H "X-API-Key: YOUR_TOKEN" https://api.example.com/endpoint + + # Option 3: Custom header + curl -H "X-Auth-Token: YOUR_TOKEN" https://api.example.com/endpoint + ``` +- [ ] Test with simple endpoint (e.g., `/api/v1/status`, `/api/accounts`, `/api/devices`) + +**Step 3: Discover Available Endpoints** +- [ ] Find API documentation/reference +- [ ] Look for OpenAPI/Swagger spec +- [ ] Key endpoints we need: + - List customers/accounts + - List backup devices/jobs + - Get backup job history + - Get backup job status/details + - Get backup run results (success/failed/warnings) + +**Step 4: Test Data Retrieval** +- [ ] Test listing customers (verify top-level access works) +- [ ] Test listing backup jobs for one customer +- [ ] Test retrieving details for one backup job +- [ ] Document response format (JSON structure) +- [ ] Save example API responses for reference + +**Step 5: Proof of Concept Script** +1. [ ] Create standalone Python script (outside Backupchecks) +2. [ ] Test authentication and data retrieval +3. [ ] Parse API response to extract key fields +4. [ ] Mapping of Cove data → Backupchecks JobRun model +5. [ ] Document findings in this TODO ### Phase 2: Database Changes 1. [ ] Decide: extend MailMessage model or new source type? @@ -224,13 +268,79 @@ Other backup systems that use APIs: ## 🚀 Next Steps -1. **Research first!** - Start with API documentation investigation -2. Create POC script (standalone, outside Backupchecks) -3. Document findings in this file -4. Decide which architecture option (1, 2, or 3) -5. Only then start implementation +### Immediate Actions (Ready to Start!) -**Status:** Waiting on API research completion. +**1. Find API Documentation** +- Check Cove admin portal for "API" or "Developer" section +- Look for documentation links on the API user creation page +- Search Cove knowledge base for "API documentation" +- Try common API base URLs with `/docs` or `/swagger` endpoints + +**2. Quick API Test** (can be done now with token!) +Try these curl commands to test authentication: + +```bash +# Replace YOUR_TOKEN with actual token from https://backup.management/#/api-users +# Try different authentication methods and endpoints: + +# Test 1: Bearer token + accounts endpoint +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/accounts + +# Test 2: API Key header +curl -v -H "X-API-Key: YOUR_TOKEN" \ + https://api.backup.management/api/accounts + +# Test 3: Alternative base URL +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://backup.management/api/accounts + +# Test 4: Check for API documentation +curl https://api.backup.management/swagger +curl https://api.backup.management/docs +curl https://backup.management/api/docs + +# Test 5: Try common endpoints +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/customers + +curl -v -H "Authorization: Bearer YOUR_TOKEN" \ + https://api.backup.management/api/devices + +# Note: Use -v flag to see full HTTP response including headers +# Look for authentication errors vs 404 errors to determine correct URL/auth +``` + +**3. Document Findings** +After successful API call, document in this file: +- Working API base URL +- Correct authentication header format +- Available endpoints discovered +- Example response format + +**4. Create POC Script** +Once API works, create standalone Python test script: +```python +import requests + +# Test script to retrieve Cove backup data +token = "YOUR_TOKEN" +base_url = "https://api.example.com" + +headers = { + "Authorization": f"Bearer {token}", + "Content-Type": "application/json" +} + +# Get list of customers +response = requests.get(f"{base_url}/api/customers", headers=headers) +print(response.json()) +``` + +**5. Plan Integration** +Based on POC results, decide architecture approach and start implementation + +**Status:** Ready for API testing - token available! --- @@ -243,9 +353,28 @@ Other backup systems that use APIs: ### Current Status (2026-02-10) - ✅ **Confirmed:** Cove Data Protection HAS API access (mentioned in documentation) -- ❓ **Unknown:** How to enable/activate API access in Cove portal -- ❓ **Unknown:** API documentation location -- 🎯 **Next action:** Find API activation instructions in Cove admin portal or contact support +- ✅ **Found:** API user creation location in Cove portal +- ✅ **Created:** API user with SuperUser role and token +- ❓ **Testing needed:** API base URL and authentication method +- ❓ **Unknown:** Available endpoints and documentation +- 🎯 **Next action:** Test API access with token and find documentation + +### API Credentials (Created) +- **Authentication:** Token-based +- **Role:** SuperUser (full access) +- **Scope:** Top-level customer (access to all sub-customers) +- **Token:** Generated (store securely!) +- **Portal URL:** https://backup.management +- **API User Management:** https://backup.management/#/api-users + +**IMPORTANT:** Store token in secure location (password manager) - cannot be retrieved again if lost! + +### Likely API Base URLs to Test +Based on portal URL `backup.management`: +1. `https://api.backup.management` (most common pattern) +2. `https://backup.management/api` +3. `https://api.backup.management/jsonapi` (some backup systems use this) +4. Check API user page for hints or documentation links ### Possible Admin Portal Locations Check these sections in Cove dashboard: