Skip to main content

phpIPAM

Introduction

phpIPAM - Open source IP address management.

phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.

URLs:

Installation

Requirements
  1. Apache2 webserver with php support or Nginx with php-fpm
  2. Mysql server (5.1+)
  3. PHP:
    • version 5.3 supported to phpipam version 1.3.1
    • version 5.4
    • version 7.2 and higher supported from phpipam release 1.3.2
  4. PHP modules:
    • pdo, pdo_mysql : Adds support for mysql connections
    • session : Adds persistent session support
    • sockets : Adds sockets support
    • openssl : Adds openSSL support
    • gmp : Adds support for dev-libs/gmp (GNU MP library) -> to calculate IPv6 networks
    • ldap : Adds LDAP support (Lightweight Directory Access Protocol – for AD also)
    • crypt : Add support for password encryption
    • SimpleXML: Support for SimpleXML (optional, for RIPE queries and if required for API)
    • json: Enable JSON support
    • gettext: Enables translation
    • filter : Adds filtering support
    • pcntl : Add support for process creation functions (optional, required for scanning)
    • cli : Enable CLI (optional, required for scanning and status checks)
    • mbstring : Enable mbstring support
  5. php PEAR support

You can check which php modules are enabled by issuing php -m in command line.

API Develop

Enable API and Create new API Key (code)

By default, the API is Disabled, go to Enable it first.

IPAM Web > Administration > Server management > phpIPAM settings > API: ON

IPAM Web > Administration > API > Create API Key

  • App id: devappro (自定義 app 名稱,建議不同的 APP 使用不同的 app_id)
  • App code: <系統自動產生一組密鑰>
  • App permissions: Read (依實際需求選擇)
  • App security: User token (如果連線協定不想用 HTTPS,這裡必須是 User token)
  • Transaction locking: No
  • Lock timeout: 0
  • Nest custom fields: No
  • Show links: No

NOTE:

如果 App security 是 User token,表示 API 連線協定使用不加密的 HTTP,這時系統會提示需要變更 config.php 的參數。

$api_allow_unsafe = true;

API Test with curl

API 使用注意

  1. 第一次連線,需要先登入 IPAM 的帳號/密碼並取得一組 Token,預設有效期是 6 小時。
  2. 每次連線 API 時,必須在 header 內包含一組有效的 Token,才能通過認證;否則會顯示 Unauthorized
  3. 先前建立的 API Key 與 第一項的 Token 兩個是不一樣的東西,用途也不同。基本上 API Client 開發只會用到 Token。
  4. Token 一旦超過有效期,有兩種做法可以繼續 API 連線。
    • 延展已過期的 Token。
    • 以帳密重新取得新的 Token。(注意: 原 Token 將會永久失效)

以帳號取得一組 token: /api/{app_id}/user/

TIP: 相同語法也能用在驗證特定帳密是否有效。

#> curl -X POST --user admin:thisispassword http://10.10.2.207/api/devappro/user/ -i

HTTP/1.1 200 OK
Date: Wed, 15 Jun 2022 05:40:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: phpipam=ttm3cg1ctpq1vqn2lv1rht3kl1; expires=Thu, 16-Jun-2022 05:40:01 GMT; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 116
Content-Type: application/json; charset=utf-8

{"code":200,"success":true,"data":{"token":"7dMGzul08SsPMhDDOK-oZdBk","expires":"2022-06-15 19:40:01"},"time":0.009}

查詢 token 的有效期: /api/{app_id}/user/token_expires/

#> curl -X GET http://10.10.2.207/api/devappro/user/token_expires/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 19:44:31"},"time":0.002}

延展 token 有效期: /api/{app_id}/user/

TIP: 每次延展會以 6 小時為限,多次延展也不會超過 6 小時

curl -X PATCH http://10.10.2.207/api/devappro/user/ --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":{"expires":"2022-06-15 21:11:37"},"time":0.004}

以 IP 搜尋資料庫: /api/{app_id}//addresses/search/{ip-address}/

# IP is existed.
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.8 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":true,"data":[{"id":"271","subnetId":"22","ip":"10.10.1.8","is_gateway":null,"description":"FAB A-VM Server-VM05","hostname":"TPECIMVM05","mac":null,"owner":null,"tag":"2","deviceId":null,"location":"3","port":null,"note":null,"lastSeen":"2022-06-15 13:30:01","excludePing":null,"PTRignore":null,"PTR":"0","firewallAddressObject":null,"editDate":"2022-06-15 13:30:10","customer_id":null}],"time":0.017}

# IP not found
curl -X GET http://10.10.2.207/api/devappro/addresses/search/10.10.1.7 --header "token: 7dMGzul08SsPMhDDOK-oZdBk"
{"code":200,"success":false,"message":"Address not found","time":0.007}

延伸閱讀