Add support for client-specific API keys

Refactoring API. Added a contact update endpoint. Small misc changes.
2026-03-28 16:25:40 +00:00 · 2022-04-15 17:43:06 +01:00
parent bdd00c843d
commit e55622827d
26 changed files with 286 additions and 194 deletions
--- a/api/v1/assets/asset_model.php
+++ b/api/v1/assets/asset_model.php
@@ -0,0 +1,27 @@
 <?php
 $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
 $make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
 $model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
 $serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
 $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
 $asset_ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
 $mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
 $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
 if(empty($purchase_date)){
  $purchase_date = "0000-00-00";
 }
 $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
 if(empty($warranty_expire)){
  $warranty_expire = "0000-00-00";
 }
 $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
 if(empty($install_date)){
  $install_date = "0000-00-00";
 }
 $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
 $meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
 $vendor = intval($_POST['asset_vendor_id']);
 $location = intval($_POST['asset_location_id']);
 $contact = intval($_POST['asset_contact_id']);
 $network = intval($_POST['asset_network_id']);
--- a/api/v1/assets/create.php
+++ b/api/v1/assets/create.php
@@ -1,57 +1,25 @@
 <?php
 require('../validate_api_key.php');
-if($_SERVER['REQUEST_METHOD'] !== "POST"){
+require('../require_post_method.php');
  header("HTTP/1.1 405 Method Not Allowed");
  $return_arr['success'] = "False";
  $return_arr['message'] = "Can only send POST requests to this endpoint.";
  echo json_encode($return_arr);
  exit();
 }
 // Parse info
-$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
+require('asset_model.php');
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
 $make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
 $model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
 $serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
 $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
 $ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
 $mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
 $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
 if(empty($purchase_date)){
  $purchase_date = "0000-00-00";
 }
 $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
 if(empty($warranty_expire)){
  $warranty_expire = "0000-00-00";
 }
 $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
 if(empty($install_date)){
  $install_date = "0000-00-00";
 }
 $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
 $meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
 $location = intval($_POST['location']);
 $vendor = intval($_POST['vendor']);
 $contact = intval($_POST['contact']);
 $network = intval($_POST['network']);
 $client_id = intval(json_decode($_POST['client_id']));
-if(!empty($name)){
+// Default
 $insert_id = FALSE;
 if(!empty($name) && !empty($client_id)){
  // Insert into Database
-  $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+  $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$asset_ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
  if($insert_sql){
-    $insert_id = $mysqli->insert_id;
+    $insert_id = mysqli_insert_id($mysqli);
    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
  }
 }
 else{
  $insert_id = FALSE;
 }
 // Output
 include('../create_output.php');
--- a/api/v1/assets/read.php
+++ b/api/v1/assets/read.php
@@ -5,37 +5,37 @@ require('../require_get_method.php');
 // Asset via ID (single)
 if(isset($_GET['asset_id'])){
-    $id = intval($_GET['asset_id']);
+  $id = intval($_GET['asset_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Asset query via type
 elseif(isset($_GET['asset_type'])){
-    $type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
+  $type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // Asset query via name
 elseif(isset($_GET['asset_name'])){
-    $name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
+  $name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // Asset query via serial
 elseif(isset($_GET['asset_serial'])){
-    $serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
+  $serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // Asset query via client ID
-elseif(isset($_GET['asset_client_id'])){
+elseif(isset($_GET['client_id']) && $client_id == "%"){
-    $client = intval($_GET['asset_client_id']);
+  $client_id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // All assets
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/certificates/read.php
+++ b/api/v1/certificates/read.php
@@ -5,25 +5,25 @@ require('../require_get_method.php');
 // Specific certificate via ID (single)
 if(isset($_GET['certificate_id'])){
-    $id = intval($_GET['certificate_id']);
+  $id = intval($_GET['certificate_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Certificate by name
 elseif(isset($_GET['certificate_name'])){
-    $name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
+  $name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
-// Certificate via client ID
+// Certificate via client ID (if allowed)
-elseif(isset($_GET['certificate_client_id'])){
+elseif(isset($_GET['client_id']) && $client_id == "%"){
-    $client = intval($_GET['certificate_client_id']);
+  $client_id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
 // All certificates
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
@@ -0,0 +1,11 @@
 <?php
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
 $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
 $department = intval($_POST['contact_department']);
 $phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
 $extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
 $mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
 $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
 $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
 $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
 $location_id = intval($_POST['contact_location_id']);
--- a/api/v1/contacts/create.php
+++ b/api/v1/contacts/create.php
@@ -1,41 +1,34 @@
 <?php
 require('../validate_api_key.php');
-if($_SERVER['REQUEST_METHOD'] !== "POST"){
+require('../require_post_method.php');
  header("HTTP/1.1 405 Method Not Allowed");
  $return_arr['success'] = "False";
  $return_arr['message'] = "Can only send POST requests to this endpoint.";
  echo json_encode($return_arr);
  exit();
 }
 // Parse Info
-$client_id = intval($_POST['client_id']);
+include('contact_model.php');
 $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
 $title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
 $department = intval($_POST['contact_department']);
 $phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
 $extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
 $mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
 $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
 $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
 $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
 $location_id = intval($_POST['location']);
-if(!empty($name)){
+// Default
-  // Insert contact
+$insert_id = FALSE;
-  $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
+
-  if($insert_sql){
+if(!empty($name) && !empty($email) && !empty($client_id)){
-    $insert_id = $mysqli->insert_id;
+
  // Check contact with $email doesn't already exist
  $email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
  if(mysqli_num_rows($email_duplication_sql) == 0){
    // Insert contact
    $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
    // Check insert & get insert ID
    if($insert_sql){
      $insert_id = mysqli_insert_id($mysqli);
      //Logging
      mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
      mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
    }
    //Logging
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
  }
 }
 else{
  $insert_id = FALSE;
 }
 // Output
 include('../create_output.php');
--- a/api/v1/contacts/read.php
+++ b/api/v1/contacts/read.php
@@ -6,18 +6,18 @@ require('../require_get_method.php');
 // Specific contact via ID (single)
 if(isset($_GET['contact_id'])){
    $id = intval($_GET['contact_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Specific contact via email (single)
 elseif(isset($_GET['contact_email'])){
    $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // All contacts
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/contacts/update.php
+++ b/api/v1/contacts/update.php
@@ -0,0 +1,28 @@
 <?php
 require('../validate_api_key.php');
 require('../require_post_method.php');
 // Parse Info
 $contact_id = intval($_POST['contact_id']);
 include('contact_model.php');
 // Default
 $update_id = FALSE;
 if(!empty($name) && !empty($email)){
  $update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
  // Check insert & get insert ID
  if($update_sql){
    $update_id = mysqli_affected_rows($mysqli);
    //Logging
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
  }
 }
 // Output
 include('../update_output.php');
--- a/api/v1/create_output.php
+++ b/api/v1/create_output.php
@@ -16,10 +16,10 @@ if(isset($insert_id) && is_numeric($insert_id)){
  ];
 }
-// Query returned false, something went wrong or it was declined due to required variables missing
+// Query returned false: something went wrong, or it was declined due to required variables missing
 else{
  $return_arr['success'] = "False";
-  $return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided and database schema is up-to-date. Turn on error logging and look for 'undefined index'";
+  $return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
 }
 echo json_encode($return_arr);
--- a/api/v1/domains/read.php
+++ b/api/v1/domains/read.php
@@ -5,25 +5,25 @@ require('../require_get_method.php');
 // Specific domain via ID (single)
 if(isset($_GET['domain_id'])){
-    $id = intval($_GET['domain_id']);
+  $id = intval($_GET['domain_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Domain by name
 elseif(isset($_GET['domain_name'])){
-    $name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
+  $name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Domain via client ID
+// Domain via client ID (if allowed)
-elseif(isset($_GET['domain_client_id'])){
+elseif(isset($_GET['client_id']) && $client_id == "%"){
-    $client = intval($_GET['domain_client_id']);
+  $client_id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 }
 // All domains
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/networks/read.php
+++ b/api/v1/networks/read.php
@@ -5,25 +5,25 @@ require('../require_get_method.php');
 // Specific network via ID (single)
 if(isset($_GET['network_id'])){
-    $id = intval($_GET['network_id']);
+  $id = intval($_GET['network_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Network by name
 elseif(isset($_GET['network_name'])){
-    $name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
+  $name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
-// Network via client ID
+// Network via client ID (if allowed)
-elseif(isset($_GET['network_client_id'])){
+elseif(isset($_GET['client_id']) && $client_id == "%"){
-    $client = intval($_GET['network_client_id']);
+  $client_id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = '$client' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
 // All networks
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/read_output.php
+++ b/api/v1/read_output.php
@@ -20,7 +20,7 @@ if($sql && mysqli_num_rows($sql) > 0){
 }
 else{
  $return_arr['success'] = "False";
-  $return_arr['message'] = "No resource (for this company) with the specified parameter(s).";
+  $return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
  echo json_encode($return_arr);
  exit();
 }
--- a/api/v1/require_get_method.php
+++ b/api/v1/require_get_method.php
@@ -5,4 +5,9 @@ if($_SERVER['REQUEST_METHOD'] !== "GET"){
  $return_arr['message'] = "Can only send GET requests to this endpoint.";
  echo json_encode($return_arr);
  exit();
 }
 // Wildcard client ID for most SELECT queries
 if($client_id == 0){
  $client_id = "%";
 }
--- a/api/v1/require_post_method.php
+++ b/api/v1/require_post_method.php
@@ -5,4 +5,11 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
  $return_arr['message'] = "Can only send POST requests to this endpoint.";
  echo json_encode($return_arr);
  exit();
 }
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
 if($client_id == 0){
  //
  $client_id = intval($_POST['client_id']);
 }
--- a/api/v1/software/read.php
+++ b/api/v1/software/read.php
@@ -5,37 +5,37 @@ require('../require_get_method.php');
 // Specific software via ID (single)
 if(isset($_GET['software_id'])){
-    $id = intval($_GET['software_id']);
+  $id = intval($_GET['software_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // Specific software via License ID
 if(isset($_GET['software_license'])){
-    $license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
+  $license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license = '$license' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 // Software by name
 elseif(isset($_GET['software_name'])){
-    $name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
+  $name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
 // Software via type
 elseif(isset($_GET['software_type'])){
-    $type = intval($_GET['software_type']);
+  $type = intval($_GET['software_type']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
-// Software via client ID
+// Software via client ID (if allowed)
-elseif(isset($_GET['software_client_id'])){
+elseif(isset($_GET['client_id']) && $client_id == "%"){
-    $client = intval($_GET['software_client_id']);
+  $client_id = intval($_GET['client_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = '$client' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 // All software(s)
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/tickets/read.php
+++ b/api/v1/tickets/read.php
@@ -6,12 +6,12 @@ require('../require_get_method.php');
 // Specific ticket via ID (single)
 if(isset($_GET['ticket_id'])){
  $id = intval($_GET['ticket_id']);
-  $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND company_id = '$company_id'");
+  $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
 // All tickets
 else{
-  $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
+  $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
 }
 // Output
--- a/api/v1/update_output.php
+++ b/api/v1/update_output.php
@@ -0,0 +1,23 @@
 <?php
 /*
 * API - update_output.php
 * Included on calls to update.php endpoints
 * Checks the status of the update SQL query ($update_sql)
 * Returns success data / fail messages
 */
 // Check if the insert query was successful
 if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
  // Insert successful
  $return_arr['success'] = "True";
  $return_arr['count'] = $update_id;
 }
 // Query returned false: something went wrong, or it was declined due to required variables missing
 else{
  $return_arr['success'] = "False";
  $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module (contact/ticket/etc) id";
 }
 echo json_encode($return_arr);
 exit();
--- a/api/v1/validate_api_key.php
+++ b/api/v1/validate_api_key.php
@@ -86,10 +86,11 @@ if(isset($api_key)){
  // Success
  else{
-    // Set company ID & key name
+    // Set client ID, company ID & key name
    $row = mysqli_fetch_array($sql);
    $company_id = $row['company_id'];
    $api_key_name = $row['api_key_name'];
    $client_id = $row['api_key_client_id'];
    $company_id = $row['company_id'];
    // Set limit & offset for queries
    if(isset($_GET['limit'])){
--- a/api_key_add_modal.php
+++ b/api_key_add_modal.php
@@ -1,3 +1,6 @@
 <?php
 $key = keygen();
 ?>
 <div class="modal" id="addApiKeyModal" tabindex="-1">
  <div class="modal-dialog">
    <div class="modal-content bg-dark">
@@ -10,30 +13,72 @@
      <form action="post.php" method="post" autocomplete="off">
        <div class="modal-body bg-white">
          <input type="hidden" name="key" value="<?php echo $key ?>">
          <div class="form-group">
            <label>API Key <strong class="text-danger">*</strong></label>
            <div class="input-group">
              <div class="input-group-prepend">
                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
              </div>
              <input type="text" class="form-control" value="<?php echo $key ?>" required disabled>
              <div class="input-group-append">
                <button class="btn btn-default clipboardjs" type="button" data-clipboard-text="<?php echo $key; ?>"><i class="fa fa-fw fa-copy"></i></button>
              </div>
            </div>
          </div>
          <hr>
          <div class="form-group">
            <label>Name <strong class="text-danger">*</strong></label>
            <div class="input-group">
              <div class="input-group-prepend">
-                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                <span class="input-group-text"><i class="fa fa-fw fa-sticky-note"></i></span>
              </div>
              <input type="text" class="form-control" name="name" placeholder="Key Name" required autofocus>
            </div>
          </div>
          <div class="form-group">
-            <label>Expiration Date</label>
+            <label>Expiration Date <strong class="text-danger">*</strong></label>
            <div class="input-group">
              <div class="input-group-prepend">
                <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
              </div>
-              <input type="date" class="form-control" name="expire">
+              <input type="date" class="form-control" name="expire" required>
            </div>
          </div>
          <div class="form-group">
            <label>Client <strong class="text-danger">*</strong></label>
            <div class="input-group">
              <div class="input-group-prepend">
                <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
              </div>
              <select class="form-control select2" name="client" required>
                <option value="">- Client -</option>
                <option value="0"> ALL CLIENTS </option>
                <?php
                $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $session_company_id ORDER BY client_name ASC");
                while($row = mysqli_fetch_array($sql)){
                  $client_id = $row['client_id'];
                  $client_name = $row['client_name'];
                  ?>
                  <option value="<?php echo $client_id; ?>"><?php echo "$client_name  (Client ID: $client_id)"; ?></option>
                  <?php
                }
                ?>
              </select>
            </div>
          </div>
        </div>
        <div class="modal-footer bg-white">
          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
-          <button type="submit" name="add_api_key" class="btn btn-primary">Save</button>
+          <button type="submit" name="add_api_key" class="btn btn-primary">Add</button>
        </div>
      </form>
    </div>
--- a/api_key_edit_modal.php
+++ b/api_key_edit_modal.php
@@ -1,43 +0,0 @@
 <div class="modal" id="editApiKeyModal<?php echo $api_key_id; ?>" tabindex="-1">
  <div class="modal-dialog">
    <div class="modal-content bg-dark">
      <div class="modal-header">
        <h5 class="modal-title"><i class="fa fa-fw fa-key"></i> <?php echo $api_key_name; ?></h5>
        <button type="button" class="close text-white" data-dismiss="modal">
          <span>&times;</span>
        </button>
      </div>
      <form action="post.php" method="post" autocomplete="off">
        <input type="hidden" name="api_key_id" value="<?php echo $api_key_id; ?>">
        <div class="modal-body bg-white">
          <div class="form-group">
            <label>Name <strong class="text-danger">*</strong></label>
            <div class="input-group">
              <div class="input-group-prepend">
                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
              </div>
              <input type="text" class="form-control" name="name" placeholder="Key Name" value="<?php echo $api_key_name; ?>" required autofocus>
            </div>
          </div>
          <div class="form-group">
            <label>Expiration Date</label>
            <div class="input-group">
              <div class="input-group-prepend">
                <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
              </div>
              <input type="date" class="form-control" name="expire" value="<?php echo $api_key_expire; ?>">
            </div>
          </div>
        </div>
        <div class="modal-footer bg-white">
          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
          <button type="submit" name="edit_api_key" class="btn btn-primary">Save</button>
        </div>
      </form>
    </div>
  </div>
 </div>
--- a/client_contact_details_modal.php
+++ b/client_contact_details_modal.php
@@ -85,7 +85,7 @@
                $software_id = $row['software_id'];
                $software_name = $row['software_name'];
                $software_type = $row['software_type'];
-                $software_license = $row['software_license'];
+                $software_license = $row['software_license_type'];
                $software_notes = $row['software_notes'];
              ?>
--- a/database_updates.php
+++ b/database_updates.php
@@ -45,6 +45,9 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
      mysqli_query($mysqli, "UPDATE `documents` SET `document_content_raw` = '$content_raw' WHERE `document_id` = '$id'");
    }
    // Add API key client column
    mysqli_query($mysqli, "ALTER TABLE `api_keys` ADD `api_key_client_id` INT NOT NULL DEFAULT '0' AFTER `api_key_expire`");
    // Then, update the database to the next sequential version
    mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.0.3'");
  }
--- a/db.sql
+++ b/db.sql
@@ -50,6 +50,7 @@ CREATE TABLE `api_keys` (
  `api_key_created_at` datetime NOT NULL,
  `api_key_updated_at` datetime DEFAULT NULL,
  `api_key_expire` date NOT NULL,
  `api_key_client_id` int(11) NOT NULL DEFAULT '0',
  `company_id` int(11) NOT NULL,
  PRIMARY KEY (`api_key_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/post.php
+++ b/post.php
@@ -407,12 +407,12 @@ if(isset($_POST['add_api_key'])){
      exit();
    }
    $secret = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['key'])));
    $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
    $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
-    // Gen a Key
+    $client = intval($_POST['client']);
    $secret = keygen();
-    mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_created_at = NOW(), company_id = $session_company_id");
+    mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_client_id = '$client', api_key_created_at = NOW(), company_id = $session_company_id");
    $api_key_id = mysqli_insert_id($mysqli);
--- a/settings-api.php
+++ b/settings-api.php
@@ -10,8 +10,9 @@
  $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM api_keys
    LEFT JOIN clients on api_keys.api_key_client_id = clients.client_id
    WHERE (api_key_name LIKE '%$q%')
-    AND company_id = $session_company_id
+    AND api_keys.company_id = $session_company_id
    ORDER BY $sb $o LIMIT $record_from, $record_to");
  $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
@@ -40,6 +41,7 @@
        <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
          <tr>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_name&o=<?php echo $disp; ?>">Name</a></th>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_client_id&o=<?php echo $disp; ?>">Client</a></th>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_secret&o=<?php echo $disp; ?>">Secret</a></th>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_created_at&o=<?php echo $disp; ?>">Created</a></th>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_expire&o=<?php echo $disp; ?>">Expire</a></th>
@@ -52,15 +54,24 @@
          while($row = mysqli_fetch_array($sql)){
            $api_key_id = $row['api_key_id'];
            $api_key_name = $row['api_key_name'];
-            $api_key_secret = $row['api_key_secret'];
+            $api_key_secret = "************" . substr($row['api_key_secret'], -4);
            $api_key_created_at = $row['api_key_created_at'];
            $api_key_expire = $row['api_key_expire'];
            if($api_key_expire < date("Y-m-d H:i:s")){
              $api_key_expire = $api_key_expire . " (Expired)";
            }
            if($row['api_key_client_id'] == 0){
              $api_key_client = "<i>All Clients</i>";
            }
            else{
              $api_key_client = $row['client_name'];
            }
          ?>
          <tr>
-            <td>
+            <td><?php echo $api_key_name; ?></td>
-              <a class="text-dark" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>"><?php echo $api_key_name; ?></a>
+            <td><?php echo $api_key_client; ?></td>
            </td>
            <td><?php echo $api_key_secret; ?></td>
            <td><?php echo $api_key_created_at; ?></td>
            <td><?php echo $api_key_expire; ?></td>
@@ -70,17 +81,13 @@
                  <i class="fas fa-ellipsis-h"></i>
                </button>
                <div class="dropdown-menu">
-                  <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>">Edit</a>
+                  <a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Revoke</a>
                  <div class="dropdown-divider"></div>
                  <a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Delete</a>
                </div>
              </div>   
            </td>
          </tr>
          <?php
          include("api_key_edit_modal.php");
          }
--- a/user_archive_modal.php
+++ b/user_archive_modal.php
@@ -0,0 +1,16 @@
 <div class="modal" id="archiveUserModal<?php echo $user_id; ?>" tabindex="-1">
  <div class="modal-dialog">
    <div class="modal-content">
      <div class="modal-body">
        <center class="mb-4">
          <i class="far fa-10x fa-times-circle text-danger mb-3 mt-3"></i>
          <h2>Are you sure?</h2>
          <h6 class="mb-4 text-secondary">Do you really want to <b>archive <?php echo $user_name; ?></b>? This process cannot be undone.</h6>
          <h6 class="mb-4 text-secondary"><?php echo $user_name ?> will no longer be able to login or use ITFlow, but all associated content will remain accessible.</h6>
          <button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
          <a class="btn btn-danger btn-lg px-5" href="post.php?archive_user=<?php echo $user_id; ?>">Yes, archive!</a>
        </center>
      </div>
    </div>
  </div>
 </div>