1.1 KiB
1.1 KiB
api-investigation.md — copied from kanban investigation task t_54f0a481
Key Findings
Architecture
- Seed (
/login/) — Vue 3.5 SPA auth page - Application (
/cs1/,/cs4/) — ASP.NET MVC behind Azure Application Gateway - Machine List page at
/cs4/VueMachineList/(modern SPA)
Auth Flow (httpx-compatible)
GET /login/api/DataContext/GenerateAntiForgeryState→ CSRF tokenPOST /login/api/SignIn/SignIn/en-USwith__RequestVerificationTokenheader +{Email, Password, FormsAuthReturnUrl}- Cookies are set automatically:
ASP.NET_SessionId,.ASPXAUTH,ApplicationGatewayAffinity,AeonPrincipalCacheVersion
Export
- Endpoint:
POST /cs4/VueMachineList/ExcelExport - StreamSaver.js streams result as "Machine List.xlsx"
- 60+ configurable columns
- Credentials via env:
CANTALOUPE_EMAIL,CANTALOUPE_PASSWORD
Recommendation
Start with httpx-only (Option A). Fall back to Playwright-for-login (Option B) if needed.
See full investigation at: ~/.hermes/kanban/boards/cantaloupe-downloader/workspaces/t_54f0a481/investigation-findings.md