If you use an api key you wont have to set a user name, if you don't use a key you will have to login as admin.

Stuart H Jimenez · Stuart H Jimenez · commit 608b9d740ae9 · 2014-12-09T13:45:34.000-06:00
diff --git a/web/api/index.php b/web/api/index.php
@@ -6,6 +6,12 @@
     // Authentication
     $auth_code = 1;
     if (empty($_POST['hash'])) {
+        // Check user permission to use API
+        if ($_POST['user'] != 'admin') {
+            echo 'Error: only admin is allowed to use API';
+            exit;
+        }
+        
         $v_user = escapeshellarg($_POST['user']);
         $v_password = escapeshellarg($_POST['password']);
         exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
@@ -20,13 +26,6 @@
         echo 'Error: authentication failed';
         exit;
     }
-
-    // Check user permission to use API
-    if ($_POST['user'] != 'admin') {
-        echo 'Error: only admin is allowed to use API';
-        exit;
-    }
-    
     
     // Prepare arguments
     if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
