Files
cantaloupe-downloader/API.md
T

1.1 KiB

api-investigation.md — copied from kanban investigation task t_54f0a481

Key Findings

Architecture

  • Seed (/login/) — Vue 3.5 SPA auth page
  • Application (/cs1/, /cs4/) — ASP.NET MVC behind Azure Application Gateway
  • Machine List page at /cs4/VueMachineList/ (modern SPA)

Auth Flow (httpx-compatible)

  1. GET /login/api/DataContext/GenerateAntiForgeryState → CSRF token
  2. POST /login/api/SignIn/SignIn/en-US with __RequestVerificationToken header + {Email, Password, FormsAuthReturnUrl}
  3. Cookies are set automatically: ASP.NET_SessionId, .ASPXAUTH, ApplicationGatewayAffinity, AeonPrincipalCacheVersion

Export

  • Endpoint: POST /cs4/VueMachineList/ExcelExport
  • StreamSaver.js streams result as "Machine List.xlsx"
  • 60+ configurable columns
  • Credentials via env: CANTALOUPE_EMAIL, CANTALOUPE_PASSWORD

Recommendation

Start with httpx-only (Option A). Fall back to Playwright-for-login (Option B) if needed.

See full investigation at: ~/.hermes/kanban/boards/cantaloupe-downloader/workspaces/t_54f0a481/investigation-findings.md