phpIPAM

Introduction

phpIPAM - Open source IP address management.

phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.

URLs:

• Home: https://phpipam.net/
• API: https://phpipam.net/api/api_documentation/
• Github: https://github.com/phpipam/

Installation

• https://phpipam.net/documents/installation/
  

Requirements

1. Apache2 webserver with php support or Nginx with php-fpm
2. Mysql server (5.1+)
3. PHP:
   • version 5.3 supported to phpipam version 1.3.1
   • version 5.4
   • version 7.2 and higher supported from phpipam release 1.3.2
4. PHP modules:
   • pdo, pdo_mysql : Adds support for mysql connections
   • session : Adds persistent session support
   • sockets : Adds sockets support
   • openssl : Adds openSSL support
   • gmp : Adds support for dev-libs/gmp (GNU MP library) -> to calculate IPv6 networks
   • ldap : Adds LDAP support (Lightweight Directory Access Protocol – for AD also)
   • crypt : Add support for password encryption
   • SimpleXML: Support for SimpleXML (optional, for RIPE queries and if required for API)
   • json: Enable JSON support
   • gettext: Enables translation
   • filter : Adds filtering support
   • pcntl : Add support for process creation functions (optional, required for scanning)
   • cli : Enable CLI (optional, required for scanning and status checks)
   • mbstring : Enable mbstring support
5. php PEAR support

You can check which php modules are enabled by issuing php -m in command line.

API Develop

Enable API and Create new API Key (code)

By default, the API is Disabled, go to Enable it first.

IPAM Web > Administration > Server management > phpIPAM settings > API: ON

IPAM Web > Administration > API > Create API Key

• App id: devappro (自定義 app 名稱，建議不同的 APP 使用不同的 app_id)
• App code: <系統自動產生一組密鑰>
• App permissions: Read (依實際需求選擇)
  
• App security: User token (如果連線協定不想用 HTTPS，這裡必須是 User token)
  
• Transaction locking: No
• Lock timeout: 0
• Nest custom fields: No
• Show links: No

NOTE:

如果 App security 是 User token，表示 API 連線協定使用不加密的 HTTP，這時系統會提示需要變更 config.php 的參數。

$api_allow_unsafe = true;

API Test with curl

API 使用注意

1. 第一次連線，需要先登入 IPAM 的帳號/密碼並取得一組 Token，預設有效期是 6 小時。
2. 每次連線 API 時，必須在 header 內包含一組有效的 Token，才能通過認證；否則會顯示 Unauthorized。
3. 先前建立的 API Key 與 第一項的 Token 兩個是不一樣的東西，用途也不同。基本上 API Client 開發只會用到 Token。
4. Token 一旦超過有效期，有兩種做法可以繼續 API 連線。
   • 延展已過期的 Token。
   • 以帳密重新取得新的 Token。(注意: 原 Token 將會永久失效)

以帳號取得一組 token: /api/{app_id}/user/

TIP: 相同語法也能用在驗證特定帳密是否有效。

#> curl -X POST --user admin:thisispassword http://10.10.2.207/api/devappro/user/ -i

HTTP/1.1 200 OK
Date: Wed, 15 Jun 2022 05:40:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: phpipam=ttm3cg1ctpq1vqn2lv1rht3kl1; expires=Thu, 16-Jun-2022 05:40:01 GMT; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 116
Content-Type: application/json; charset=utf-8

{"code":200,"success":true,"data":{"token":"7dMGzul08SsPMhDDOK-oZdBk","expires":"2022-06-15 19:40:01"},"time":0.009}

查詢 token 的有效期: /api/{app_id}/user/token_expires/

#> curl -X GET http://10.10.2.207/api/devappro/user/token_expires/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 19:44:31"},"time":0.002}

延展 token 有效期: /api/{app_id}/user/

TIP: 每次延展會以 6 小時為限，多次延展也不會超過 6 小時

curl -X PATCH http://10.10.2.207/api/devappro/user/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 21:11:37"},"time":0.004}

以 IP 搜尋資料庫: /api/{app_id}//addresses/search/{ip-address}/

# IP is existed.
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.8 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":[{"id":"271","subnetId":"22","ip":"10.10.1.8","is_gateway":null,"description":"FAB A-VM Server-VM05","hostname":"TPECIMVM05","mac":null,"owner":null,"tag":"2","deviceId":null,"location":"3","port":null,"note":null,"lastSeen":"2022-06-15 13:30:01","excludePing":null,"PTRignore":null,"PTR":"0","firewallAddressObject":null,"editDate":"2022-06-15 13:30:10","customer_id":null}],"time":0.017}

# IP not found
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.7 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":false,"message":"Address not found","time":0.007}

延伸閱讀

• Perl5 Interface: https://github.com/natxo/phpipam-API
• 11 Best IP Address Management Tools for Linux Network