cgasser/Yodmon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Zabbix API token auth for Zabbix 6.4+

Browse Source 
Zabbix 6.4+ rejects API tokens in the JSON-RPC "auth" field.
Tokens must now be sent as "Authorization: Bearer <token>" HTTP header.
User/password sessions still use the payload auth field as before.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Christoph Gasser
2026-04-17 10:11:53 +02:00
parent 525158e9c6
commit b53f6c9aed
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/zabbix.py
View File

@@ -37,9 +37,14 @@ class ZabbixClient:
def _call(self, method, params): def _call(self, method, params):
self._id += 1 self._id += 1
payload = {'jsonrpc': '2.0', 'method': method, 'params': params, 'id': self._id} payload = {'jsonrpc': '2.0', 'method': method, 'params': params, 'id': self._id}
if self._auth: headers = {}
if ZABBIX_API_TOKEN:
# Zabbix 6.4+: API tokens go in the Authorization header, not the payload
headers['Authorization'] = f'Bearer {ZABBIX_API_TOKEN}'
elif self._auth:
# Zabbix < 6.4 / user+password sessions: auth goes in the JSON-RPC payload
payload['auth'] = self._auth payload['auth'] = self._auth
resp = requests.post(self._url, json=payload, timeout=30) resp = requests.post(self._url, json=payload, headers=headers, timeout=30)
resp.raise_for_status() resp.raise_for_status()
body = resp.json() body = resp.json()
if 'error' in body: if 'error' in body:
@@ -48,7 +53,7 @@ class ZabbixClient:
def login(self): def login(self):
if ZABBIX_API_TOKEN: if ZABBIX_API_TOKEN:
self._auth = ZABBIX_API_TOKEN # API token used directly — no session needed pass # token is sent via Authorization header in every _call — no login needed
else: else:
self._auth = self._call('user.login', {'user': ZABBIX_USER, 'password': ZABBIX_PASSWORD}) self._auth = self._call('user.login', {'user': ZABBIX_USER, 'password': ZABBIX_PASSWORD})