From 4cc10fa0f4fd93e2771f568b87578d8a091e6a6b Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Tue, 2 Jun 2026 20:16:48 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-02 20:16:41 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-02 20:16:41 --- .claude/memory/MEMORY.md | 1 + .claude/memory/reference_screenconnect_api.md | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 .claude/memory/reference_screenconnect_api.md diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index a6d3bd6..9211b92 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -96,3 +96,4 @@ - [ACG MSP tool stack](reference_acg_msp_stack.md) — ScreenConnect/CW Control, Splashtop, Syncro, Datto RMM, Datto EDR/AV, GuruRMM are ACG's OWN tools; do not flag as foreign/threat on managed machines (Defender-off is expected when Datto AV is active). - [ACG Website Hosting](project_azcomputerguru_hosting.md) — azcomputerguru.com is hosted on IX Web Hosting via cPanel. - [jq on Windows emits CRLF](feedback_jq_crlf_windows.md) — winget jq outputs CRLF; trailing \r silently breaks `for x in $(jq ...)` loops + read-from-@tsv. Override `jq(){ command jq "$@"|tr -d '\r'; }`. Windows-build-specific (passes on Mac/Linux). +- [ScreenConnect RESTful API auth](reference_screenconnect_api.md) — CTRLAuthHeader = raw api_secret (no Basic/b64) + Origin header; only method is GetSessionsByName; matches blank-for-agents Name field so it cannot enumerate full inventory. diff --git a/.claude/memory/reference_screenconnect_api.md b/.claude/memory/reference_screenconnect_api.md new file mode 100644 index 0000000..02e9146 --- /dev/null +++ b/.claude/memory/reference_screenconnect_api.md @@ -0,0 +1,15 @@ +--- +name: reference_screenconnect_api +description: Working auth + method for the ACG ScreenConnect RESTful API extension (CTRLAuthHeader = raw secret, GetSessionsByName) +metadata: + type: reference +--- + +ACG ScreenConnect RESTful API extension — verified working call (2026-06-02, Howard). Credentials in vault `msp-tools/screenconnect.sops.yaml` (`credentials.username`, `credentials.api_secret`). + +- **Host:** `https://computerguru.screenconnect.com` **extension-guid:** `2d558935-686a-4bd0-9991-07539f5fe749` +- **Auth (the non-obvious part):** header `CTRLAuthHeader: ` with **NO `Basic ` prefix and no base64** + header `Origin: https://computerguru.screenconnect.com`. Putting the secret in `Authorization: Basic `, or `CTRLAuthHeader: Basic `, both return 401. Raw secret in CTRLAuthHeader is what works. +- **Only method that exists:** `POST /App_Extensions//Service.ashx/GetSessionsByName` with JSON body `{"sessionName":""}`. Every other `Get*` name (GetSessions, GetSessionList, GetHosts, ...) returns 500 `"Web method does not exist"`. Bad/missing params return 500 `"Unknown parameter: "` — the valid param is `sessionName`. +- **Big limitation:** the match is on the session `Name` field, which is **blank for unattended access agents**, so this api user only enumerates a handful of named sessions — it CANNOT list a client's full machine inventory. For per-machine last-seen across a whole client, the API is not sufficient; read the ScreenConnect console (or a screen recording) instead. Session objects do carry `LastConnectedEventTime`, `LastEventTime`, `GuestInfo.LastActivityTime`, and custom props CP1=Company / CP2=Site / CP3=Tag. + +Used during the Dataforth Syncro asset cleanup as the third liveness source alongside Syncro + Bitdefender. See [[reference_acg_msp_stack]].