@sander1 said:
The correct URL is https://plex.tv/pms/servers.xml, with /pms/ in the middle of the URL.
A related query is there a known method to authorize the new user pin feature, will be easy to get the pin from the uer but how and which url will validate the pin, I did a search in the forum but cannot seem to find any api.
Get the user’s token - HTTP POST “https://plex.tv/api/home/users/” + id + “/switch” (note need to pass in the user id in the url and post the password in the body
This will return a token.
Thats as far as i got. I tried to utilise the returned user token rather than the owner’s token and i get 401’s from here on out. So not sure what i’m doing wrong.
@sander1 said:
The correct URL is https://plex.tv/pms/servers.xml, with /pms/ in the middle of the URL.
A related query is there a known method to authorize the new user pin feature, will be easy to get the pin from the uer but how and which url will validate the pin, I did a search in the forum but cannot seem to find any api.
Get the user’s token - HTTP POST “https://plex.tv/api/home/users/” + id + “/switch” (note need to pass in the user id in the url and post the password in the body
This will return a token.
Thats as far as i got. I tried to utilise the returned user token rather than the owner’s token and i get 401’s from here on out. So not sure what i’m doing wrong.
Same problem here. Even most basic requests to PMS fail with this user token. Been trying with Fiddler as well, cloning Plex Web requests with a replaced token.
@sander1 said:
The correct URL is https://plex.tv/pms/servers.xml, with /pms/ in the middle of the URL.
A related query is there a known method to authorize the new user pin feature, will be easy to get the pin from the uer but how and which url will validate the pin, I did a search in the forum but cannot seem to find any api.
Get the user’s token - HTTP POST “https://plex.tv/api/home/users/” + id + “/switch” (note need to pass in the user id in the url and post the password in the body
This will return a token.
Thats as far as i got. I tried to utilise the returned user token rather than the owner’s token and i get 401’s from here on out. So not sure what i’m doing wrong.
Same problem here. Even most basic requests to PMS fail with this user token. Been trying with Fiddler as well, cloning Plex Web requests with a replaced token.
Anyone got any idea?
I figured it out.
You need to get a server access token from plex.tv using the user token. The server access token should be used to authetnicate against the server.
@sander1 said:
The correct URL is https://plex.tv/pms/servers.xml, with /pms/ in the middle of the URL.
A related query is there a known method to authorize the new user pin feature, will be easy to get the pin from the uer but how and which url will validate the pin, I did a search in the forum but cannot seem to find any api.
Get the user’s token - HTTP POST “https://plex.tv/api/home/users/” + id + “/switch” (note need to pass in the user id in the url and post the password in the body
This will return a token.
Thats as far as i got. I tried to utilise the returned user token rather than the owner’s token and i get 401’s from here on out. So not sure what i’m doing wrong.
Same problem here. Even most basic requests to PMS fail with this user token. Been trying with Fiddler as well, cloning Plex Web requests with a replaced token.
Anyone got any idea?
I figured it out.
You need to get a server access token from plex.tv using the user token. The server access token should be used to authetnicate against the server.
user[login] and user[password] form values in the body. For example: user%5Blogin%5D=plexusername&user%5Bpassword%5D=myplexpassword
HTTP header: X-Plex-Client-Identifier: a unique value for your client
HTTP header: X-Plex-Product: the name of your client
HTTP header: X-Plex-Version: the version of your client
Trying to do it first by hand in a telnet to figure out exact syntax for my automation system but confused here by exact syntax for post !
Should I do it this way ? POST /users/sign_in.xml user_login=myuser&user_password=mypassword&X-Plex-Client-Identifier=myidentifier&X-Plex-Product=myproduct&X-Plex-Version=myversion
Each time I type my post request and then enter I get disconnected from server before I can type next line !
@vincen If I were you I would just use the command line curl interface to properly send the headers, however if you must use telnet, it looks like you need to type the headers before the body, each on its own line.
@Arcanemagus said: @vincen If I were you I would just use the command line curl interface to properly send the headers, however if you must use telnet, it looks like you need to type the headers before the body, each on its own line.
curl would be definitively easier but I do it on a proprietary system where I have no access at such tools. Thanks for link explaining how to do it, unhappy I discovered the crap automation system I use is still unable to do HTTPS connections so no way to do a plex client in it
I needed to get the plex token using python3. I have a sample script below (based off of script from user svdlugt) that stores and prints the auth. token.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import http.client, urllib.request, urllib.parse, urllib.error, base64
ip_add = '192.168.XXX.XXX' # change this to the local IP address of the plex server
username = "UsernameHere" # change this to your plex login username
password = "PasswordHere" # change this to the corresponding password for your username
base64string = base64.encodestring(('%s:%s' % (username, password)).encode()).decode().replace('
', ‘’)
txdata = “”
headers={'Authorization': "Basic %s" % base64string,
'X-Plex-Client-Identifier': "Test script",
'X-Plex-Product': "Test script 356546545",
'X-Plex-Version': "0.001"}
conn = http.client.HTTPSConnection("plex.tv")
conn.request("POST","/users/sign_in.json",txdata,headers)
response = conn.getresponse()
#print(response.status, response.reason) # user svdlugt had this, but I didn't know what it was for and didn't need it
data = response.read()
data_str = str(data)
print(data_str) # I removed this in my script, because I didn't need the additional information that it provides
token_str_plus = data_str.split('_token":"')[1]
token_str = token_str_plus.split('"')[0] # this is the token string. It can be used later in the script or passed to another script
print(token_str)
conn.close()
Doesn’t this create a ton of untrusted apps that are now asking users to enter their plaintext Plex credentials? Already there are things like Plex Requests, PlexPy, etc. that rely on this technique and are now conditioning Plex users to willingly input their plaintext username/password into forms that Plex cannot control.
I realize that many Plex users are fully local only, but if you are a server admin you are not about to type in your username/password into someone else’s Plex Requests/Ombi portal for example. Even people who are not server admins should not be haphazardly sharing their account credentials with random software they clone off github.
Ideally, Plex should host a proper SSO login page (on https://plex.tv, with CSRF prevention) that handles a login and generates a role-specific auth token for it. Even more ideally, all the apps should have their own API key and tokens should only be valid for those apps, but that’s harder.
@honkdazzle said:
Doesn’t this create a ton of untrusted apps that are now asking users to enter their plaintext Plex credentials? Already there are things like Plex Requests, PlexPy, etc. that rely on this technique and are now conditioning Plex users to willingly input their plaintext username/password into forms that Plex cannot control.
I realize that many Plex users are fully local only, but if you are a server admin you are not about to type in your username/password into someone else’s Plex Requests/Ombi portal for example. Even people who are not server admins should not be haphazardly sharing their account credentials with random software they clone off github.
Ideally, Plex should host a proper SSO login page (on https://plex.tv, with CSRF prevention) that handles a login and generates a role-specific auth token for it. Even more ideally, all the apps should have their own API key and tokens should only be valid for those apps, but that’s harder.
I agree. Can’t we get an answer on this? And how do we get the user’s info for every client they want to use my channel with? We can’t even use a text box, etc to get the info. Does every user have to have the ability to edit the script, etc to get their token for their specific user account and specific client? I am making a channel that will rip with MakeMKV to a local repository, and don’t really need anything but local access.
Hi
Need yur help…I am new to all this…and not a programmer at all. I am using an app called postman and need to know the exact steps to get the token. What headers I need. what do i need to type for the body etc. where to get unique identifier etc. It has a username password form so that can be filled. Please help as need token for my home assistant. Would really appreciate it.
Thanks
Anyone know why you cant use key and value pairs for the body/auth part? Is there a way i can structure the key/values to where Plex’s API will pick it up? I have my headers structured like the first example and they are all picked up fine in my “Devices” tab in my web app.
@scarfdestroyer said:
Anyone know why you cant use key and value pairs for the body/auth part?
The format is specified by the content type, and the default content type (which is also used by Plex) is application/x-www-form-urlencoded. This requires the request body to be formatted just like a query string:
