First bits of an API

11 years ago · c93241fe91
parent b60e1b23bb
commit c93241fe91
10 changed files with 780 additions and 22 deletions
--- a/docs/api/client.html
+++ b/docs/api/client.html
@ -0,0 +1,221 @@
+<!doctype html>
+<html>
+	<head>
+		<style>
+			body {
+				background-color: #F5F5F5;
+				font-family: sans-serif;
+				margin-right: 40px;
+			}
+
+			h2, h3, h4, h5, h6, h7
+			{
+				margin-top: 16px;
+				margin-bottom: 4px;
+			}
+
+			.children { padding-left: 40px; }
+
+			.definition
+			{
+				font-weight: bold;
+				margin-bottom: 32px;
+			}
+
+			.example 
+			{ 
+				padding: 5px 6px;
+				font-weight: bold;
+				font-size: 15px;
+				background-color: #E6E6E6; 
+				margin-top: 11px;
+			}
+
+			.example > .children
+			{
+				padding-top: 11px;
+				padding-left: 10px;
+			}
+
+			.example > .children > h7
+			{
+				font-size: 13px;
+			}
+
+			h7
+			{
+				font-size: 14px;
+				font-weight: bold;
+				margin-bottom: 2px;
+			}
+
+			pre
+			{
+				margin-top: 0px;
+				padding: 6px 7px;
+				background-color: #D9D9D9;
+				font-weight: normal;
+				font-size: 13px;
+			}
+
+			dl
+			{
+				margin: 5px 0px;
+			}
+
+			dt
+			{
+				font-weight: bold;
+			}
+
+			dd
+			{
+				font-size: 14px;
+				font-weight: normal;
+				margin-left: 8px;
+			}
+			
+			dd > .children
+			{
+				font-size: 95%;
+			}
+			
+			dd > .children > dl > dd
+			{
+				margin-left: 13px;
+			}
+
+			.exclamation
+			{
+				padding: 7px 8px;
+				margin: 11px 0px;
+				background-color: #FFE9AA;
+				border: 1px solid yellow;
+				font-size: 15px;
+				font-weight: normal;
+			}
+
+			.text
+			{
+				font-size: 15px;
+				font-weight: normal;
+				margin-bottom: 14px;
+				margin-top: 10px;
+			}
+
+			.toc
+			{
+				border: 1px solid gray;
+				background-color: #E6E6E6;
+				padding: 8px 9px;
+				font-size: 15px;
+				margin-bottom: 12px;
+			}
+
+			.toc h2
+			{
+				margin: 0px 0px 3px 0px;
+				font-size: 19px;
+			}
+
+			.toc ul
+			{
+				margin-top: 0px;
+				margin-bottom: 0px;
+				padding-left: 25px;
+			}
+
+			.toc li
+			{
+				margin-bottom: 2px;
+			}
+
+			.toc .alternatives
+			{
+				font-size: 12px;
+			}
+
+			.toc a
+			{
+				color: #292722;
+			}
+
+			.toc a:hover
+			{
+				color: black;
+			}
+			
+			.fixed
+			{
+				font-family: monospace;
+				background-color: white;
+				padding: 1px 4px;
+				border: 1px solid silver;
+				border-radius: 4px;
+			}
+		</style>
+	</head>
+	<body>
+		<div class="children"><h1>CVM Client API Documentation</h1><div class="toc"><h2>Table of contents</h2><ul><li><a href="#GETapiclientvpslist">GET /api/client/vps/list</a> This call will return a list of VPSes associated with the currently... </li><li><a href="#GETapiclientvpsidstatus">GET /api/client/vps/id/status</a> This returns the current status and metrics for the specified VPS. The response... </li><li><a href="#POSTapiclientvpsidstart">POST /api/client/vps/id/start</a> Starts the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty... </li><li><a href="#POSTapiclientvpsidstop">POST /api/client/vps/id/stop</a> Shuts down the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty... </li><li><a href="#POSTapiclientvpsidrestart">POST /api/client/vps/id/restart</a> Restarts the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty... </li></ul></div><h2>Overview</h2><div class="text">The CVM Client API is a more or less RESTful API. That means it uses the standard HTTP 'verbs' like GET, POST, DELETE, etc. to execute certain commands. Authentication takes place per request (there is no concept of 'sessions') through the use of custom HTTP headers. Each API token pair is linked to a particular user, and can only be used for that user. A user can have multiple token pairs. Token pairs can be revoked at any time via the panel.</div><h2>Authentication</h2><div class="text">The CVM Client API expects two custom HTTP headers as authentication.</div><dl><dt>API-Public-Token</dt><dd>This is the public part of your API token pair. It's used to identify who you are.<div class="children"></div></dd></dl><dl><dt>API-Private-Token</dt><dd>This is the private part of your API token pair. It's used to verify your access.<div class="children"></div></dd></dl><div class="text">If no valid token pair is passed on with your request, the server will return a <span class="fixed">401 Not Authorized</span> status code.</div><div class="text">If your token pair does not have access to the client API, the server will return a <span class="fixed">403 Forbidden</span> status code.</div><h2>Response format</h2><div class="text">The API responses will always be in JSON format. If errors occurred, an <span class="fixed">errors</span> key will be present containing an array of errors. If there is a response, a <span class="fixed">response</span> key will be present containing the response.</div><div class="example">Example: Valid API call <div class="children"><h7>Code:</h7><pre class="code">/api/client/vps/list</pre><h7>Output:</h7><pre class="output">{
+    "response": {
+	"vpses": [{
+	    "id": "1",
+	    "virtualization_type": "1",
+	    "hostname": "test-vz.cryto.net",
+	    "guaranteed_ram": "128",
+	    "burstable_ram": "256",
+	    "disk_space": "5000",
+	    "cpu_count": "1",
+	    "traffic_in_limit": "500000000000",
+	    "traffic_out_limit": "500000000000",
+	    "traffic_in_used": "912727849",
+	    "traffic_out_used": "16923948"
+	}, {
+	    "id": "2",
+	    "virtualization_type": "1",
+	    "hostname": "test2.cryto.net",
+	    "guaranteed_ram": "512",
+	    "burstable_ram": "768",
+	    "disk_space": "40000",
+	    "cpu_count": "240",
+	    "traffic_in_limit": "500000000000",
+	    "traffic_out_limit": "500000000000",
+	    "traffic_in_used": "0",
+	    "traffic_out_used": "0"
+	}]
+    }
+}</pre></div></div><div class="example">Example: API call with invalid token pair <div class="children"><h7>Code:</h7><pre class="code">/api/client/vps/list</pre><h7>Output:</h7><pre class="output">{
+    "errors": ["No valid API token pair was specified."]
+}</pre></div></div><h2>API Calls</h2><div class="definition"><a name="GETapiclientvpslist">GET /api/client/vps/list <div class="children"><div class="text">This call will return a list of VPSes associated with the currently authenticated user. It takes no arguments.</div><h3>Keys in the response objects</h3><dl><dt>id</dt><dd>The numeric ID of this VPS. You will need this in further API calls.<div class="children"></div></dd></dl><dl><dt>node</dt><dd>The host node that this VPS exists on. You will need this in further node-related API calls.<div class="children"></div></dd></dl><dl><dt>virtualization_type</dt><dd>The virtualization platform used for this VPS. Right now the only supported value is <span class="fixed">1</span> (OpenVZ).<div class="children"></div></dd></dl><dl><dt>hostname</dt><dd>The configured hostname of the VPS.<div class="children"></div></dd></dl><dl><dt>guaranteed_ram</dt><dd>The configured amount of guaranteed RAM, in <strong>megabytes</strong>.<div class="children"></div></dd></dl><dl><dt>burstable_ram</dt><dd>The configured amount of burstable RAM, in <strong>megabytes</strong>. <em>This key may not be present if vSwap is used.</em><div class="children"></div></dd></dl><dl><dt>disk_space</dt><dd>The configured amount of disk space, in <strong>megabytes</strong>.<div class="children"></div></dd></dl><dl><dt>cpu_count</dt><dd>The amount of configured CPUs (or rather, CPU units) that this VPS has access to.<div class="children"></div></dd></dl><dl><dt>traffic_limit</dt><dd>The total traffic limit, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><dl><dt>traffic_used</dt><dd>The total amount of traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><dl><dt>traffic_in_limit</dt><dd>The total incoming traffic limit, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><dl><dt>traffic_in_used</dt><dd>The total amount of incoming traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><dl><dt>traffic_out_limit</dt><dd>The total outgoing traffic limit, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><dl><dt>traffic_out_used</dt><dd>The total amount of outgoing traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring. See the explanation below.</em><div class="children"></div></dd></dl><div class="exclamation"><strong>Important:</strong> If traffic accounting for the VPS is combined (incoming + outgoing), a <span class="fixed">traffic_limit</span> and <span class="fixed">traffic_used</span> key will be present. If traffic accounting for the VPS is split, the keys <span class="fixed">traffic_in_limit</span>, <span class="fixed">traffic_in_used</span>, <span class="fixed">traffic_out_limit</span>, and <span class="fixed">traffic_out_used</span> will be present. <div class="children"></div></div><div class="example">Example: Valid call to /api/client/vps/list <div class="children"><h7>Output:</h7><pre class="output">{
+    "response": {
+	"vpses": [{
+	    "id": "1",
+	    "node": "1",
+	    "virtualization_type": "1",
+	    "hostname": "test-vz.cryto.net",
+	    "guaranteed_ram": "128",
+	    "burstable_ram": "256",
+	    "disk_space": "5000",
+	    "cpu_count": "1",
+	    "traffic_in_limit": "500000000000",
+	    "traffic_out_limit": "500000000000",
+	    "traffic_in_used": "912727849",
+	    "traffic_out_used": "16923948"
+	}, {
+	    "id": "2",
+	    "node": "1",
+	    "virtualization_type": "1",
+	    "hostname": "test2.cryto.net",
+	    "guaranteed_ram": "512",
+	    "burstable_ram": "768",
+	    "disk_space": "40000",
+	    "cpu_count": "2",
+	    "traffic_in_limit": "500000000000",
+	    "traffic_out_limit": "500000000000",
+	    "traffic_in_used": "0",
+	    "traffic_out_used": "0"
+	}]
+    }
+}</pre></div></div></div></a></div><div class="definition"><a name="GETapiclientvpsidstatus">GET /api/client/vps/<em>id</em>/status <div class="children"><div class="text">This returns the current status and metrics for the specified VPS. The response will be a single object.</div><h3>Arguments</h3><dl><dt>id</dt><dd>The ID of the VPS you wish to retrieve the status for.<div class="children"></div></dd></dl><h3>Keys in the response object</h3><dl><dt>traffic_used</dt><dd>The total amount of traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring.</em><div class="children"></div></dd></dl><dl><dt>traffic_in_used</dt><dd>The total amount of incoming traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring.</em><div class="children"></div></dd></dl><dl><dt>traffic_out_used</dt><dd>The total amount of outgoing traffic used, in <strong>bytes</strong>. <em>This may not be present, depending on the method of traffic measuring.</em><div class="children"></div></dd></dl><dl><dt>ram_used</dt><dd>The amount of RAM that is currently in use for the VPS, in <strong>bytes</strong>.<div class="children"></div></dd></dl><dl><dt>disk_used</dt><dd>The amount of disk space currently used by the VPS, in <strong>bytes</strong>.<div class="children"></div></dd></dl><dl><dt>status</dt><dd>The current status of the VPS.<div class="children"><dl><dt>running</dt><dd>The VPS is active and booted.<div class="children"></div></dd></dl><dl><dt>stopped</dt><dd>The VPS is active and shut down.<div class="children"></div></dd></dl><dl><dt>suspended</dt><dd>The VPS is suspended.<div class="children"></div></dd></dl><dl><dt>terminated</dt><dd>The VPS is terminated.<div class="children"></div></dd></dl><dl><dt>unknown</dt><dd>The status of the VPS is unknown. This can happen when, for example, the host node can't be reached.<div class="children"></div></dd></dl></div></dd></dl></div></a></div><div class="definition"><a name="POSTapiclientvpsidstart">POST /api/client/vps/<em>id</em>/start <div class="children"><div class="text">Starts the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty response if successful, a <span class="fixed">500</span> status code with an error message if the VPS fails to start, or a <span class="fixed">503</span> status code with an error message if the host node is unreachable.</div><h3>Arguments</h3><dl><dt>id</dt><dd>The ID of the VPS you wish to start.<div class="children"></div></dd></dl></div></a></div><div class="definition"><a name="POSTapiclientvpsidstop">POST /api/client/vps/<em>id</em>/stop <div class="children"><div class="text">Shuts down the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty response if successful, a <span class="fixed">500</span> status code with an error message if the VPS fails to shut down, or a <span class="fixed">503</span> status code with an error message if the host node is unreachable.</div><h3>Arguments</h3><dl><dt>id</dt><dd>The ID of the VPS you wish to stop.<div class="children"></div></dd></dl></div></a></div><div class="definition"><a name="POSTapiclientvpsidrestart">POST /api/client/vps/<em>id</em>/restart <div class="children"><div class="text">Restarts the specified VPS. Returns either a <span class="fixed">200</span> status code with an empty response if successful, a <span class="fixed">500</span> status code with an error message if the VPS fails to restart, or a <span class="fixed">503</span> status code with an error message if the host node is unreachable.</div><h3>Arguments</h3><dl><dt>id</dt><dd>The ID of the VPS you wish to restart.<div class="children"></div></dd></dl></div></a></div></div>
+	</body>
+</html>
--- a/docs/api/client.zpy
+++ b/docs/api/client.zpy
@ -0,0 +1,230 @@
+# CVM Client API Documentation
+
+{TOC}
+
+## Overview
+
+The CVM Client API is a more or less RESTful API. That means it uses the standard HTTP 'verbs' like GET, POST, DELETE, etc. to execute certain commands.
+Authentication takes place per request (there is no concept of 'sessions') through the use of custom HTTP headers. Each API token pair is linked to a particular
+user, and can only be used for that user. A user can have multiple token pairs. Token pairs can be revoked at any time via the panel.
+
+## Authentication
+
+The CVM Client API expects two custom HTTP headers as authentication.
+
+API-Public-Token::
+	This is the public part of your API token pair. It's used to identify who you are.
+
+API-Private-Token::
+	This is the private part of your API token pair. It's used to verify your access.
+	
+If no valid token pair is passed on with your request, the server will return a `401 Not Authorized` status code.
+
+If your token pair does not have access to the client API, the server will return a `403 Forbidden` status code.
+
+## Response format
+
+The API responses will always be in JSON format. If errors occurred, an `errors` key will be present containing an array of errors. If there is a response, a `response` key will
+be present containing the response.
+
+@ Valid API call
+
+	$ /api/client/vps/list
+
+	> {
+	    "response": {
+		"vpses": [{
+		    "id": "1",
+		    "virtualization_type": "1",
+		    "hostname": "test-vz.cryto.net",
+		    "guaranteed_ram": "128",
+		    "burstable_ram": "256",
+		    "disk_space": "5000",
+		    "cpu_count": "1",
+		    "traffic_in_limit": "500000000000",
+		    "traffic_out_limit": "500000000000",
+		    "traffic_in_used": "912727849",
+		    "traffic_out_used": "16923948"
+		}, {
+		    "id": "2",
+		    "virtualization_type": "1",
+		    "hostname": "test2.cryto.net",
+		    "guaranteed_ram": "512",
+		    "burstable_ram": "768",
+		    "disk_space": "40000",
+		    "cpu_count": "240",
+		    "traffic_in_limit": "500000000000",
+		    "traffic_out_limit": "500000000000",
+		    "traffic_in_used": "0",
+		    "traffic_out_used": "0"
+		}]
+	    }
+	}
+
+@ API call with invalid token pair
+
+	$ /api/client/vps/list
+	
+	> {
+	    "errors": ["No valid API token pair was specified."]
+	}
+
+## API Calls
+
+^ GET /api/client/vps/list
+
+	This call will return a list of VPSes associated with the currently authenticated user. It takes no arguments.
+	
+	### Keys in the response objects
+	
+	id::
+		The numeric ID of this VPS. You will need this in further API calls.
+		
+	node::
+		The host node that this VPS exists on. You will need this in further node-related API calls.
+		
+	virtualization_type::
+		The virtualization platform used for this VPS. Right now the only supported value is `1` (OpenVZ).
+		
+	hostname::
+		The configured hostname of the VPS.
+		
+	guaranteed_ram::
+		The configured amount of guaranteed RAM, in __megabytes__.
+		
+	burstable_ram::
+		The configured amount of burstable RAM, in __megabytes__. **This key may not be present if vSwap is used.**
+		
+	disk_space::
+		The configured amount of disk space, in __megabytes__.
+		
+	cpu_count::
+		The amount of configured CPUs (or rather, CPU units) that this VPS has access to.
+		
+	traffic_limit::
+		The total traffic limit, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+		
+	traffic_used::
+		The total amount of traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+		
+	traffic_in_limit::
+		The total incoming traffic limit, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+		
+	traffic_in_used::
+		The total amount of incoming traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+	
+	traffic_out_limit::
+		The total outgoing traffic limit, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+		
+	traffic_out_used::
+		The total amount of outgoing traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring. See the explanation below.**
+	
+	! If traffic accounting for the VPS is combined (incoming + outgoing), a `traffic_limit` and `traffic_used` key will be present. If traffic accounting for the VPS is split, the keys `traffic_in_limit`, `traffic_in_used`, `traffic_out_limit`, and `traffic_out_used` will be present.
+	
+	@ Valid call to /api/client/vps/list
+	
+		> {
+		    "response": {
+			"vpses": [{
+			    "id": "1",
+			    "node": "1",
+			    "virtualization_type": "1",
+			    "hostname": "test-vz.cryto.net",
+			    "guaranteed_ram": "128",
+			    "burstable_ram": "256",
+			    "disk_space": "5000",
+			    "cpu_count": "1",
+			    "traffic_in_limit": "500000000000",
+			    "traffic_out_limit": "500000000000",
+			    "traffic_in_used": "912727849",
+			    "traffic_out_used": "16923948"
+			}, {
+			    "id": "2",
+			    "node": "1",
+			    "virtualization_type": "1",
+			    "hostname": "test2.cryto.net",
+			    "guaranteed_ram": "512",
+			    "burstable_ram": "768",
+			    "disk_space": "40000",
+			    "cpu_count": "2",
+			    "traffic_in_limit": "500000000000",
+			    "traffic_out_limit": "500000000000",
+			    "traffic_in_used": "0",
+			    "traffic_out_used": "0"
+			}]
+		    }
+		}
+
+^ GET /api/client/vps/**id**/status
+	
+	This returns the current status and metrics for the specified VPS. The response will be a single object.
+	
+	### Arguments
+	
+	id::
+		The ID of the VPS you wish to retrieve the status for.
+		
+	### Keys in the response object
+	
+	traffic_used::
+		The total amount of traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring.**
+		
+	traffic_in_used::
+		The total amount of incoming traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring.**
+	
+	traffic_out_used::
+		The total amount of outgoing traffic used, in __bytes__. **This may not be present, depending on the method of traffic measuring.**
+		
+	ram_used::
+		The amount of RAM that is currently in use for the VPS, in __bytes__.
+		
+	disk_used::
+		The amount of disk space currently used by the VPS, in __bytes__.
+	
+	status::
+		The current status of the VPS.
+		
+		running::
+			The VPS is active and booted.
+		
+		stopped::
+			The VPS is active and shut down.
+			
+		suspended::
+			The VPS is suspended.
+			
+		terminated::
+			The VPS is terminated.
+			
+		unknown::
+			The status of the VPS is unknown. This can happen when, for example, the host node can't be reached.
+
+^ POST /api/client/vps/**id**/start
+
+	Starts the specified VPS. Returns either a `200` status code with an empty response if successful, a `500` status code with an error message if the VPS fails to start, or
+	a `503` status code with an error message if the host node is unreachable.
+	
+	### Arguments
+	
+	id::
+		The ID of the VPS you wish to start.
+
+^ POST /api/client/vps/**id**/stop
+
+	Shuts down the specified VPS. Returns either a `200` status code with an empty response if successful, a `500` status code with an error message if the VPS fails to shut down,
+	or a `503` status code with an error message if the host node is unreachable.
+	
+	### Arguments
+	
+	id::
+		The ID of the VPS you wish to stop.
+
+^ POST /api/client/vps/**id**/restart
+
+	Restarts the specified VPS. Returns either a `200` status code with an empty response if successful, a `500` status code with an error message if the VPS fails to restart, or
+	a `503` status code with an error message if the host node is unreachable.
+	
+	### Arguments
+	
+	id::
+		The ID of the VPS you wish to restart.
--- a/frontend/authenticators/api/client.php
+++ b/frontend/authenticators/api/client.php
@ -0,0 +1,57 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+ 
+if(!isset($_CVM)) { die("Unauthorized."); }
+
+$public_token = $_SERVER['HTTP_API_PUBLIC_TOKEN'];
+$private_token = $_SERVER['HTTP_API_PRIVATE_TOKEN'];
+
+if($result = $database->CachedQuery("SELECT * FROM api_keys WHERE `PublicToken` = :Token", array(":Token" => $public_token)))
+{
+	$sApiKey = new ApiKey($result);
+	
+	if($sApiKey->VerifyToken($private_token))
+	{
+		if($sApiKey->sKeyType >= API_CLIENT)
+		{
+			$sRouterAuthenticated = true;
+		}
+		else
+		{
+			$sResponseCode = 403;
+			$sResponse = array(
+				"errors" => array(
+					"The specified API token pair does not have access to this API."
+				)
+			);
+		}
+	}
+	else
+	{
+		$sResponseCode = 401;
+		$sResponse = array(
+			"errors" => array(
+				"No valid API token pair was specified."
+			)
+		);
+	}
+}
+else
+{
+	$sResponseCode = 401;
+	$sResponse = array(
+		"errors" => array(
+			"No valid API token pair was specified."
+		)
+	);
+}
--- a/frontend/classes/apikey.php
+++ b/frontend/classes/apikey.php
@ -0,0 +1,86 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+ 
+if(!isset($_CVM)) { die("Unauthorized."); }
+
+class ApiKey extends CPHPDatabaseRecordClass
+{
+	public $table_name = "api_keys";
+	public $fill_query = "SELECT * FROM api_keys WHERE `Id` = :Id";
+	public $verify_query = "SELECT * FROM api_keys WHERE `Id` = :Id";
+	
+	public $prototype = array(
+		'string' => array(
+			'PublicToken'		=> "PublicToken",
+			'PrivateToken'		=> "PrivateToken",
+			'Salt'			=> "Salt"
+		),
+		'numeric' => array(
+			'UserId'		=> "UserId",
+			'KeyType'		=> "KeyType"
+		),
+		'user' => array(
+			'User'			=> "UserId"
+		)
+	);
+	
+	public function GenerateSalt()
+	{
+		$this->uSalt = random_string(10);
+	}
+	
+	public function GenerateHash()
+	{
+		if(!empty($this->uSalt))
+		{
+			if(!empty($this->uToken))
+			{
+				$this->uPrivateToken = $this->CreateHash($this->uToken);
+			}
+			else
+			{
+				throw new MissingDataException("ApiKey object is missing a token.");
+			}
+		}
+		else
+		{
+			throw new MissingDataException("ApiKey object is missing a salt.");
+		}
+	}
+	
+	public function CreateHash($input)
+	{
+		global $settings;
+		$hash = crypt($input, "$5\$rounds=50000\${$this->uSalt}{$settings['salt']}$");
+		$parts = explode("$", $hash);
+		return $parts[4];
+	}
+	
+	public function VerifyToken($token)
+	{
+		if($this->CreateHash($token) == $this->sPrivateToken)
+		{
+			return true;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	
+	public function SetPrivateToken($token)
+	{
+		$this->uToken = $token;
+		$this->GenerateHash();
+	}
+}
--- a/frontend/includes/include.constants.php
+++ b/frontend/includes/include.constants.php
@ -23,5 +23,9 @@ define("CVM_STATUS_STOPPED",				5	);
 define("CVM_STATUS_SUSPENDED",				6	);
 define("CVM_STATUS_TERMINATED",				7	);

+define("API_CLIENT",					1	);
+define("API_BILLING",					2	);
+define("API_ADMIN",					3	);
+
 define("REGEX_HOSTNAME",	"/(([a-zA-Z0-9-]+\.)+)([a-zA-Z0-9-]+)/");
 ?>
--- a/frontend/includes/include.misc.php
+++ b/frontend/includes/include.misc.php
@ -163,3 +163,66 @@ function format_size($input, $multiplier = 1024, $group = false, $decimal_places
 		return $number . $unit;
 	}
 }
+
+function status_code($code)
+{
+	$codes = array(
+		100 => "Continue",
+		101 => "Switching Protocols",
+		200 => "OK",
+		201 => "Created",
+		202 => "Accepted",
+		203 => "Non-Authoritative Information",
+		204 => "No Content",
+		205 => "Reset Content",
+		206 => "Partial Content",
+		300 => "Multiple Choices",
+		301 => "Moved Permanently",
+		302 => "Moved Temporarily",
+		303 => "See Other",
+		304 => "Not Modified",
+		305 => "Use Proxy",
+		400 => "Bad Request",
+		401 => "Unauthorized",
+		402 => "Payment Required",
+		403 => "Forbidden",
+		404 => "Not Found",
+		405 => "Method Not Allowed",
+		406 => "Not Acceptable",
+		407 => "Proxy Authentication Required",
+		408 => "Request Time-out",
+		409 => "Conflict",
+		410 => "Gone",
+		411 => "Length Required",
+		412 => "Precondition Failed",
+		413 => "Request Entity Too Large",
+		414 => "Request-URI Too Large",
+		415 => "Unsupported Media Type",
+		418 => "I'm a teapot",
+		500 => "Internal Server Error",
+		501 => "Not Implemented",
+		502 => "Bad Gateway",
+		503 => "Service Unavailable",
+		504 => "Gateway Time-out",
+		505 => "HTTP Version not supported",
+	);
+	
+	if(array_key_exists($code, $codes))
+	{
+		$text = $codes[$code];
+	}
+	else
+	{
+		throw new Exception("The specified HTTP status code does not exist.");
+	}
+	
+	if(strpos(php_sapi_name(), "cgi") !== false)
+	{
+		header("Status: {$code} {$text}");
+	}
+	else
+	{
+		$protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0');
+		header("{$protocol} {$code} {$text}");
+	}
+}
--- a/frontend/modules/api/client/vps/list.php
+++ b/frontend/modules/api/client/vps/list.php
@ -0,0 +1,66 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+ 
+if(!isset($_CVM)) { die("Unauthorized."); }
+
+if($result = $database->CachedQuery("SELECT * FROM containers WHERE `UserId` = :UserId", array(':UserId' => $sApiKey->sUser->sId)))
+{
+	$sVpses = array();
+	
+	foreach($result->data as $row)
+	{
+		$sVps = new Vps($row);
+		
+		$sVpsData = array(
+			'id'			=> $sVps->sId,
+			'virtualization_type'	=> $sVps->sVirtualizationType,
+			'hostname'		=> $sVps->sHostname,
+			'guaranteed_ram'	=> $sVps->sGuaranteedRam,
+			'burstable_ram'		=> $sVps->sBurstableRam,
+			'disk_space'		=> $sVps->sDiskSpace,
+			'cpu_count'		=> $sVps->sCpuCount,
+			'node'			=> $sVps->sNodeId
+		);
+		
+		if($sVps->sTotalTrafficLimit == 0)
+		{
+			/* Split traffic accounting */
+			$sVpsData['traffic_in_limit'] = $sVps->sIncomingTrafficLimit;
+			$sVpsData['traffic_out_limit'] = $sVps->sOutgoingTrafficLimit;
+			$sVpsData['traffic_in_used'] = $sVps->sIncomingTrafficUsed;
+			$sVpsData['traffic_out_used'] = $sVps->sOutgoingTrafficUsed;
+		}
+		else
+		{
+			/* Combined traffic accounting */
+			$sVpsData['traffic_limit'] = $sVps->sTotalTrafficLimit;
+			$sVpsData['traffic_used'] = $sVps->sIncomingTrafficUsed + $sVps->sOutgoingTrafficUsed;
+		}
+		
+		$sVpses[] = $sVpsData;
+	}
+	
+	$sResponse = array(
+		'response' => array(
+			'vpses' => $sVpses
+		)
+	);
+}
+else
+{
+	$sResponse = array(
+		'response' => array(
+			'vpses' => array()
+		)
+	);
+}
--- a/frontend/modules/error/api/access.php
+++ b/frontend/modules/error/api/access.php
@ -0,0 +1,2 @@
+<?php
+/* Empty */
--- a/frontend/modules/test.php
+++ b/frontend/modules/test.php
@ -71,4 +71,13 @@ var_dump(
 var_dump(first_unused_ctid());
 */

-var_dump(format_size(900), format_size(900000), format_size(900000000), format_size(900000000000), format_size(900000000000000), format_size(9000000000000000));
+//var_dump(format_size(900), format_size(900000), format_size(900000000), format_size(900000000000), format_size(900000000000000), format_size(9000000000000000));
+
+$sKey = new ApiKey(0);
+$sKey->GenerateSalt();
+$sKey->uPublicToken = random_string(32);
+$new_token = random_string(32);
+echo($new_token);
+$sKey->SetPrivateToken($new_token);
+$sKey->uUserId = 1;
+$sKey->InsertIntoDatabase();
--- a/frontend/rewrite.php
+++ b/frontend/rewrite.php
@ -39,6 +39,8 @@ else
 $sMainContents = "";
 $sMainClass = "";
 $sPageTitle = "";
+$sResponse = array();
+$sResponseCode = 200;

 /* Initialize some variables to ensure that they are available throughout the application.
 * Due to the way PHP variable scoping works (and the way CPHP works around this), variables
@ -205,6 +207,13 @@ try
 				'_menu'				=> "admin",
 				'_prefilled_node'		=> true
 			),
+			/* API - Client - List VPSes */
+			'^/api/client/list'		=> array(
+				'target'			=> "modules/api/client/vps/list.php",
+				'authenticator'			=> "authenticators/api/client.php",
+				'auth_error'			=> "modules/error/api/access.php",
+				'_raw'				=> true
+			),
 			'^/test/?$'			=> "modules/test.php"
 		)
 	);
@ -228,20 +237,23 @@ try
 		));
 	}
 	
-	if($router->uVariables['menu'] == "vps" && $router->uVariables['display_menu'] === true)
-	{
-		$sMainContents .= Templater::AdvancedParse("{$sTheme}/client/vps/main", $locale->strings, array(
-			'error'			=> $sError,
-			'contents'		=> $sPageContents,
-			'id'			=> $sVps->sId
-		));
-	}
-	elseif($router->uVariables['menu'] == "admin" && $router->uVariables['display_menu'] === true)
+	if(empty($router->uVariables['raw']))
 	{
-		$sMainContents .= Templater::AdvancedParse("{$sTheme}/admin/main", $locale->strings, array(
-			'error'			=> $sError,
-			'contents'		=> $sPageContents
-		));
+		if($router->uVariables['menu'] == "vps" && $router->uVariables['display_menu'] === true)
+		{
+			$sMainContents .= Templater::AdvancedParse("{$sTheme}/client/vps/main", $locale->strings, array(
+				'error'			=> $sError,
+				'contents'		=> $sPageContents,
+				'id'			=> $sVps->sId
+			));
+		}
+		elseif($router->uVariables['menu'] == "admin" && $router->uVariables['display_menu'] === true)
+		{
+			$sMainContents .= Templater::AdvancedParse("{$sTheme}/admin/main", $locale->strings, array(
+				'error'			=> $sError,
+				'contents'		=> $sPageContents
+			));
+		}
 	}
 }
 catch (UnauthorizedException $e)
@ -254,12 +266,20 @@ catch (UnauthorizedException $e)
 	));
 }

-$sTemplateParameters = array_merge($sTemplateParameters, array(
-	'logged-in'		=> $sLoggedIn,
-	'title'			=> $sPageTitle,
-	'main'			=> $sMainContents,
-	'menu-visible'		=> (isset($router->uVariables['menu']) && $router->sAuthenticated === true),
-	'generation'		=> round(microtime(true) - $timing_start, 6)
-));
+if(empty($router->uVariables['raw']))
+{
+	$sTemplateParameters = array_merge($sTemplateParameters, array(
+		'logged-in'		=> $sLoggedIn,
+		'title'			=> $sPageTitle,
+		'main'			=> $sMainContents,
+		'menu-visible'		=> (isset($router->uVariables['menu']) && $router->sAuthenticated === true),
+		'generation'		=> round(microtime(true) - $timing_start, 6)
+	));

-echo(Templater::AdvancedParse("{$sTheme}/shared/main", $locale->strings, $sTemplateParameters));
+	echo(Templater::AdvancedParse("{$sTheme}/shared/main", $locale->strings, $sTemplateParameters));
+}
+else
+{
+	status_code($sResponseCode);
+	echo(json_encode($sResponse));
+}