Local DWS APIs

local access to the dws is disabled by default as of brightsignos 9 0 218 (on the 9 0 branch) and brightsignos 9 1 75 (on the 9 1 branch) in brightsignos versions prior to these, local access to the dws was enabled by default to enable local access to the dws, see docid\ iafcherljfjdjtwttkpk5 note that some specially configured players have the external microsd card port and usb storage disabled at the factory (sku svc internal storage only) for these players, the dws remains on by default there are two ways to access these apis you can choose to use digest authentication digest authentication uses a username and a password the username is always “admin” the password can be set in three ways use the default, which is the player serial number set it through the setup package set it using a custom script you can choose to use no authentication however, this is not recommended once the password is set, you need to authenticate to access the local dws apis to do this you should be using bri ghtsignos 8 4 6 or newer call the desired api using digest authentication with the local dws username and password note that digest authentication is fairly insecure when used over an insecure transport (http) the url prefix is always https //player ip/api api d efinit ions the listed apis are prefixed with the version /v1 we can not guarantee that these documents will be current in every case docid\ rrbb0z9dct8mtxs9jqfo8 docid\ ylxb9c8us70n09hookdp docid\ sayok1v5mynjrfjdyjo5k docid\ eeufgoavjljvccgpgdxdn docid 7xffmahpax15y5oeyva1z docid\ lrnvvaaa2rbz3 22kptnu docid\ gvrltps3clnqwbf6nmepm docid\ vgos8ry1l2grothau1ogk docid 5clrljaf12o4xjrg6ttdb docid\ v ecynutwh 8p7exqp06r docid nxnhjkhzyijmlymzrifa docid\ ysqoggysbtpmi8d tywz9 using https with the local dws in bos releases after bos 8 2 35 4, users had the option use either a trusted certificate or a self signe d certificate to access https over the dws as of bos 9 0 218 and 9 1 52, the local dws uses https by default with a self signed certificate previously (in bos 8 2 35 4 and newer) https was optional, but a self signed certificate had to be provided see docid\ j17pu2fwzg7nik1niyt y for information about how to apply a certificate to a player if your existing scripts use http to access ldws, you should update them to use https if updating the scripts is not immediately possible, you may temporarily set the enable http redirect registry key in the networking section to false (link to the registry doc) this disables http redirection, allowing your current scripts to continue functioning please note that https is enforced regardless of the registry key setting the registry key only controls http redirection behavior and does not disable https enforcement generating a self signed certificate and key to do this, choose one of the following two methods run this code openssl req nodes new x509 keyout dws key out dws crt or run the following code and use the 'dws key' and 'dws crt' files the other files can be deleted later openssl req newkey rsa 4096 keyform pem keyout ca key x509 days 3650 outform pem out ca cer openssl genrsa out dws key 4096 openssl req new key dws key out client req openssl x509 req in client req ca ca cer cakey ca key set serial 101 extensions client days 365 outform pem out dws crt making the certificate and key files accessible the operating system will look for files with known names at the root of the default storage to make the certificate and key files you generated findable, either name the files name the files dws crt and dws key , as in the examples put the names of the files in the networking registry using the keys put the names of the files in the networking registry using the keys ldws cert file name , ldws key file name see docid 8luj1vpf ftlcbisbqbvz for more information if you want to supply the ca certificate, you can use the default name if you want to supply the ca certificate, you can use the default name dws ca or if you want to use another name use the registry key ldws ca file name to specify the filename then put the files at the root of the default storage if you have defined the then put the files at the root of the default storage if you have defined the ldws certs path registry key, this will be the certs location (rather than the default storage)