API call returns "Only root may set this option" While using root API token

Mar 14, 2020
7
1
8
57
I have successfully made API POST requests using curl with a token from root. But as soon as I want to use -script or -prune-backups I get the response:
{"errors":{"prune-backups":"Only root may set this option."},"data":null

This is my curl line:

curl -X POST -H 'Authorization: PVEAPIToken=root@pam!backup=XXXXX' https://192.168.1.120:8006/api2/json//nodes/[NODE]/vzdump --insecure \
-d pool=Backup_weekly \
-d mode=stop \
-d storage=PBSbackup_1 \
-d mailnotification=failure \
-d prune-backups=keep-daily%3D7,keep-weekly%3D3,keep-monthly%3D6



First I created token for root
Than I set the permissions on '/' and role 'Administrator'
Propagation set to true

I changed the token from Priveledged to non-priveleged.

I always get the Only root response. Any clues someone?
 
To answer my own question and maybe help others:

Fabian told me NO cannot do with APItoken:

"that option is actually limited to the full 'root@pam' user, see https://bugzilla.proxmox.com/show_bug.cgi?id=2582"


So I went the PVEAuthCookie way.

With a script from veeh (found here: https://forum.proxmox.com/threads/api-automation-power-on-off-vm-and-else.92467/ ).

I had to adjust that script a bit to get what I need, and this is the result fow now. It works so it easy to go from here.


#!/bin/bash
##################################
### API AUTOMATION
# for the proxmox community
# By veeh (and me), enjoy

#Host info
pve="HOST_FQDN_OR_IP"
node="HOSID"
port=":8006"
vmid="VMID"

#API info
apiu="user@realm"
apip="USER_PASSWORD"
url_base="https://$pve$port/api2/json"


# this is where you put what ever you want do
# https://pve.proxmox.com/pve-docs/api-viewer/

url_action="nodes/$node/vzdump"
#url_action="nodes/$node/qemu/$vmid/status/stop"


parameters="-d pool=[poolname] \
-d mode=stop \
-d storage=[storagename] \
-d mailnotification=failure \
-d mailto=XXX@XXX.com \
-d remove=1 \
-d prune-backups=keep-daily%3D7,keep-weekly%3D3,keep-monthly%3D6"


urlqr="$url_base/$url_action"
urltk="$url_base/access/ticket"

# Grab cookie and token from the ticket data
ticket=`curl --silent --insecure --data "username=$apiu&password=$apip" $urltk`
cookieid=`echo $ticket | tr -t '"' '\n' | grep "PVE:$apiu"`
cookie="PVEAuthCookie=$cookieid"
ticketid=`echo $cookie | awk -F ':' '{ print $3 }'`
tokenid=`echo $ticket | tr -t '"' '\n' | grep $ticketid | grep -v PVE`
token="CSRFPreventionToken:$tokenid"

#proxmox api query
curl --insecure --cookie $cookie --header $token -X POST "$urlqr" $parameters