Environment
- Version: Pritunl Enterprise 1.32.4089.16
- Platform: Ubuntu 20.04 LTS, MongoDB 5.0.30
- License: Active Enterprise subscription verified in database
Use Case
I’m trying to integrate Pritunl with a Slack application for automated VPN profile generation.
Problem
Despite having a valid Pritunl Enterprise license (v1.32.4089.16) with auth_api: true
enabled for administrators, ALL API endpoints return 401 Unauthorized when using token authentication:
curl -k -H "Auth-Token: [token]" -H "Auth-Secret: [secret]" https://server/organization
# Returns: 401 Unauthorized
On Source Code Analysis I noticed that the API route handlers in /usr/lib/pritunl/handlers/
and all endpoints use @auth.session_auth
decorator, not token authentication. There is no evidence of @auth.token_auth
or similar decorators in codebase. API requests generate no application logs suggesting it is being rejected at web server level.
However passing the 2fa session token to curl works:
curl -k -X POST \
-H "Content-Type: application/json" \
-d '{"username": "rachana@example.com", "password": "password", "otp_code": "123456"}' \
https://localhost:443/auth/session
Response:
{"authenticated": true, "default": false}
This approach is unsuitable for automated systems due to 2FA requirements and session expiration.
Questions
- Does the Enterprise license actually support API token authentication for ANY endpoints in v1.32.4089.16?
- Are there dedicated API endpoint paths that support token authentication (e.g.,
/api/*
vs direct paths)? - Is the
auth_api: true
database flag supposed to enable token authentication, or is it used for a different purpose? - Are there additional server configuration steps required beyond setting the administrator’s
auth_api
flag? - Was API token authentication deprecated/removed in recent versions, or moved to a different authentication mechanism?
- Is there ANY way to programmatically access Pritunl API data without web session authentication and 2FA?
Any guidance on proper API token authentication setup would be greatly appreciated.