Chapter 10. Asterisk Manager Interface (AMI) and Adhearsion

Do but take care to express yourself in a plain, easy Manner, in well-chosen, significant and decent Terms, and to give a harmonious and pleasing Turn to your Periods: study to explain your Thoughts, and set them in the truest Light, labouring as much as possible, not to leave them dark nor intricate, but clear and intelligible.

Miguel de Cervantes, Preface to Don Quixote

The Manager Interface

The Asterisk Manager Interface (AMI) is a powerful programmatic interface. It allows external programs to both control and monitor an Asterisk system.[125] This interface is often used to integrate Asterisk with existing business processes and systems, CRM (Customer Relationship Management) software. It can also be used for a wide variety of applications, such as automated dialers and click-to-call systems.

The Asterisk Manager Interface listens for connections on a network port. A client program can then connect to the Asterisk Manager Interface on that port, authenticate itself, and send commands to Asterisk. Asterisk will then respond to the request, as well as update the client program with the status of the system.

To use the Manager, you must define an account in the file /etc/asterisk/manager.conf. This file will look something like this:

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

[oreilly]
secret = notvery
;deny=0.0.0.0/0.0.0.0
;permit=209.16.236.73/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

In the [general] section, you have to enable the service by setting the parameter enabled = yes. You will need to reload the Manager in order to have this change take effect (module reload manager from the Asterisk console). The TCP port defaults to 5038.

Next, you create a section for each user that will authenticate to the system. For each user, you will specify the username in square brackets ([ ]), followed by the password for that user (secret), any IP addresses you wish to deny access to, any IP addresses you wish to permit access to, and the read and write permissions for that user.

Warning

It is very important to understand that other than a clear text password and the ability to restrict IP addresses, there is no security of any kind on the Manager interface. If you are running Manager on an untrusted network (or have any other complex needs), you should consider using David Troy’s excellent AstManProxy to handle all of your connections to the manager API.

Connecting to the Manager Interface

It is important to keep in mind that the Manager interface is designed to be used by programs, not fingers. That’s not to say that you can’t issue commands to it directly—just don’t expect a typical console interface, because that’s not what Manager is for.

Commands to Manager are delivered in packages with the following syntax (lines are terminated with CR+LF):[126]

Action: <action type>
Key 1: Value 1
Key 2: Value 2
etc ...
Variable: Value
Variable: Value
etc...

For example, to authenticate with Manager (which is required if you expect to have any interaction whatsoever), you would send the following:

Action: login
Username: oreilly
Secret: notvery
<CR+LF>

An extra CR+LF on a blank line will submit the entire package to Manager.

Once authenticated, you will be able to initiate actions, as well as see events generated by Asterisk. On a busy system, this can get quite complicated and become totally impossible to keep track of with the unaided eye. To turn keep Asterisk from sending events, you can add the Events parameter to your login command, like this:

Action: login
Username: oreilly
Secret: notvery
Events: off
<CR+LF>

If you’re worried about sending your secret across the wire in plain text (which you should be), you can also authenticate using an MD5 challenge-response system, which works very similar to HTTP digest authentication. To do this, you first call the Challenge action, which will present you with a challenge token:

          Action: Challenge
AuthType: MD5

          
Response: SuccessChallenge: 840415273

You can then take that challenge token, concatenate the plaintext secret onto the end of it, and calculate the MD5 checksum of the resulting string. The result can then be used to login without passing your secret in plain text.

          Action: Login
AuthType: MD5
Username: Admin
Key: e7a056e1488882c6c509bbe71a049978

          
Response: Success
Message: Authentication accepted

Sending Commands

Once you’ve successfully logged into the AMI system, you can send commands to Asterisk by using the other actions. We'll show a few commands here so that you can get a feel for how they work.

Transferring a call

The Redirect action can be used to transfer a call. After logging in, you should send an action like the one below:

Action: Redirect
Channel: SIP/John-ae201e78
Context: Lab
Exten: 6001
Priority: 1
ActionID: 2340981650981

Note

For each action you sent over the manager interface, you can send along an arbitrary ActionID value. This will allow you to recognize the responses from Asterisk as being related to your actions. It is strongly recommended that you send a unique ActionID with each of your AMI commands.

This URL transfers the specified channel to another extension and priority in the dialplan. The response to this action is:

Response: Success
ActionID: 2340981650981
Message: Redirect Successful

Reading a configuration file

To read an Asterisk configuration file via the Manger interface, we can use the the GetConfig action. The GetConfig action returns the contents of a configuration file, or portion thereof. The following command retrieves the contents of the file users.conf.

Action: GetConfig
Filename: users.conf
ActionID: 9873497149817

Asterisk then returns the contents of the users.conf file. The response looks like:

Response: Success
ActionID: 987397149817
Category-000000: general
Line-000000-000000: fullname=New User
Line-000000-000001: userbase=6000
Line-000000-000002: hasvoicemail=yes
Line-000000-000003: hassip=yes
Line-000000-000004: hasiax=yes
Line-000000-000005: hasmanager=no
Line-000000-000006: callwaiting=yes
Line-000000-000007: threewaycalling=yes
Line-000000-000008: callwaitingcallerid=yes
Line-000000-000009: transfer=yes
Line-000000-000010: canpark=yes
Line-000000-000011: cancallforward=yes
Line-000000-000012: callreturn=yes
Line-000000-000013: callgroup=1
Line-000000-000014: pickupgroup=1
Line-000000-000015: host=dynamic

Updating configuration files

It is often useful to be able to update an Asterisk configuration file via the Asterisk Manager interface. The UpdateConfig action is used to update one or more settings in a configuration file. For example, to delete a user named 6003 from users.conf you could issue the following command:

Action: UpdateConfig
Filename: users.conf
Reload: yes
SrcFilename: users.conf
DstFilename: users.conf
Action-00000: delcat
Cat-00000: 6003
ActionID: 5298795987243

Obviously, we've only scratched the surface of the many different actions available as part of the Asterisk Manager Interface. For a more detailed listing of the available commands, see Appendix F.



[125] Contrast this with the Asterisk Gateway Interface (AGI), which allows Asterisk to launch an external program from the dialplan. The AGI and AMI interfaces are very much complimentary to each other.

[126] Carriage Return followed by Line Feed. This is popularly achieved by pressing the Enter key on the keyboard, but there are differences across various OS platforms and programming languages, so if you are having trouble with commands to the interface, it may be worth noting the exact character combination that is required. At the time of writing, Wikipedia had a respectable writeup on this concept (http://en.wikipedia.org/wiki/Newline).

Get Asterisk: The Future of Telephony, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.