claudetools/GURURMM_API_ACCESS.md

GuruRMM API Access Configuration

[SUCCESS] Created admin user for Claude API access on 2026-01-22

API Endpoint

• Base URL: http://172.16.3.30:3001
• API Docs: http://172.16.3.30:3001/api/docs (if available)
• Production URL: https://rmm-api.azcomputerguru.com

Authentication Credentials

Claude API User (Admin)

• Email: claude-api@azcomputerguru.com
• Password: ClaudeAPI2026!@#
• Role: admin
• User ID: 4d754f36-0763-4f35-9aa2-0b98bbcdb309
• Created: 2026-01-22 16:41:14 UTC

Existing Admin User

• Email: admin@azcomputerguru.com
• Role: admin
• User ID: 490e2d0f-067d-4130-98fd-83f06ed0b932

Database Access

PostgreSQL Connection

• Host: 172.16.3.30
• Port: 5432
• Database: gururmm
• Username: gururmm
• Password: 43617ebf7eb242e814ca9988cc4df5ad

Connection String

postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm

JWT Configuration

• JWT Secret: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
• Token Expiration: 24 hours (default)

API Usage Examples

1. Login and Get Token

curl -X POST http://172.16.3.30:3001/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}'

Response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "user": {
    "id": "4d754f36-0763-4f35-9aa2-0b98bbcdb309",
    "email": "claude-api@azcomputerguru.com",
    "name": "Claude API User",
    "role": "admin",
    "created_at": "2026-01-22T16:41:14.153615Z"
  }
}

2. Use Token for Authenticated Requests

TOKEN="your-jwt-token-here"

# List all sites
curl http://172.16.3.30:3001/api/sites \
  -H "Authorization: Bearer $TOKEN"

# List all agents
curl http://172.16.3.30:3001/api/agents \
  -H "Authorization: Bearer $TOKEN"

# List all clients
curl http://172.16.3.30:3001/api/clients \
  -H "Authorization: Bearer $TOKEN"

3. Python Example

import requests

# Login
login_response = requests.post(
    'http://172.16.3.30:3001/api/auth/login',
    json={
        'email': 'claude-api@azcomputerguru.com',
        'password': 'ClaudeAPI2026!@#'
    }
)
token = login_response.json()['token']

# Make authenticated request
headers = {'Authorization': f'Bearer {token}'}
sites = requests.get('http://172.16.3.30:3001/api/sites', headers=headers)
print(sites.json())

Available API Endpoints

Based on the GuruRMM server structure, common endpoints include:

• /api/auth/login - User authentication
• /api/auth/register - User registration (disabled)
• /api/sites - Manage sites/locations
• /api/agents - Manage RMM agents
• /api/clients - Manage clients
• /api/alerts - View and manage alerts
• /api/commands - Execute remote commands
• /api/metrics - View system metrics
• /api/policies - Manage policies
• /api/users - User management (admin only)

Database Tables

The gururmm database contains these tables:

• users - User accounts and authentication
• sites - Physical locations/sites
• clients - Client organizations
• agents - RMM agent instances
• agent_state - Current agent status
• agent_updates - Agent update history
• alerts - System alerts and notifications
• alert_threshold_state - Alert threshold tracking
• commands - Remote command execution
• metrics - Performance and monitoring metrics
• policies - Configuration policies
• policy_assignments - Policy-to-site assignments
• registration_tokens - Agent registration tokens
• user_organizations - User-to-organization mapping
• watchdog_events - System watchdog events

Password Hashing

Passwords are hashed using Argon2id with these parameters:

• Algorithm: Argon2id
• Version: 19
• Memory Cost: 19456 (19 MB)
• Time Cost: 2 iterations
• Parallelism: 1 thread

Hash format:

$argon2id$v=19$m=19456,t=2,p=1$SALT$HASH

Security Notes

1. JWT Token Storage: Store tokens securely, never in plain text
2. Token Expiration: Tokens expire after 24 hours (verify actual expiration)
3. HTTPS: Use HTTPS in production (https://rmm-api.azcomputerguru.com)
4. Rate Limiting: Check if API has rate limiting enabled
5. Admin Privileges: This account has full admin access - use responsibly

Server Configuration

Located at: /opt/gururmm/.env

DATABASE_URL=postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@localhost:5432/gururmm
JWT_SECRET=ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
SERVER_HOST=0.0.0.0
SERVER_PORT=3001
RUST_LOG=info,gururmm_server=info,tower_http=debug
AUTO_UPDATE_ENABLED=true
DOWNLOADS_DIR=/var/www/gururmm/downloads
DOWNLOADS_BASE_URL=https://rmm-api.azcomputerguru.com/downloads

Microsoft Entra ID SSO (Optional)

The server supports SSO via Microsoft Entra ID:

• Client ID: 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
• Redirect URI: https://rmm.azcomputerguru.com/auth/callback
• Default Role: viewer

Testing Checklist

• User created in database
• Password hashed with Argon2id (97 characters)
• Login successful via API
• JWT token received
• Authenticated request successful (tested /api/sites)
• Token contains correct user ID and role

Next Steps

1. Integrate this API into ClaudeTools for automated RMM management
2. Create API wrapper functions in ClaudeTools
3. Add error handling and token refresh logic
4. Document all available endpoints
5. Set up automated testing for API endpoints

Troubleshooting

Login Issues

• Verify email and password are correct
• Check database connection
• Ensure GuruRMM server is running on port 3001
• Check logs: journalctl -u gururmm-server -f

Token Issues

• Token expires after 24 hours - refresh by logging in again
• Verify token is included in Authorization header
• Format: Authorization: Bearer <token>

Database Issues

# Check database connection
PGPASSWORD='43617ebf7eb242e814ca9988cc4df5ad' \
  psql -h 172.16.3.30 -p 5432 -U gururmm -d gururmm -c 'SELECT version();'

# Verify user exists
PGPASSWORD='43617ebf7eb242e814ca9988cc4df5ad' \
  psql -h 172.16.3.30 -p 5432 -U gururmm -d gururmm \
  -c "SELECT * FROM users WHERE email='claude-api@azcomputerguru.com';"

---

Document Created: 2026-01-22 Last Updated: 2026-01-22 Tested By: Claude Code Status: Production Ready