t_54f0a481: Add API investigation findings doc

This commit is contained in:
2026-05-21 17:58:05 -04:00
parent ffa827fdf0
commit 5664fb7e0a
+24
View File
@@ -0,0 +1,24 @@
# api-investigation.md — copied from kanban investigation task t_54f0a481
## Key Findings
### Architecture
- **Seed** (`/login/`) — Vue 3.5 SPA auth page
- **Application** (`/cs1/`, `/cs4/`) — ASP.NET MVC behind Azure Application Gateway
- **Machine List page** at `/cs4/VueMachineList/` (modern SPA)
### Auth Flow (httpx-compatible)
1. `GET /login/api/DataContext/GenerateAntiForgeryState` → CSRF token
2. `POST /login/api/SignIn/SignIn/en-US` with `__RequestVerificationToken` header + `{Email, Password, FormsAuthReturnUrl}`
3. Cookies are set automatically: `ASP.NET_SessionId`, `.ASPXAUTH`, `ApplicationGatewayAffinity`, `AeonPrincipalCacheVersion`
### Export
- **Endpoint**: `POST /cs4/VueMachineList/ExcelExport`
- StreamSaver.js streams result as "Machine List.xlsx"
- 60+ configurable columns
- Credentials via env: `CANTALOUPE_EMAIL`, `CANTALOUPE_PASSWORD`
### Recommendation
Start with httpx-only (Option A). Fall back to Playwright-for-login (Option B) if needed.
See full investigation at: `~/.hermes/kanban/boards/cantaloupe-downloader/workspaces/t_54f0a481/investigation-findings.md`