Authorization Bearer with Cloud Account
AnsweredHi there,
After following the instructions here for using authorization bearers, I've encountered an issue when trying to generate a token for a cloud user (Local URL: https://{system_id}.relay.vmsproxy.com).
When I generate the primary token, I receive what seems to be an expected response i.e. 'nxcdb-2d825e34-b80b-43ed-8a9a-4612799cb578'. However, when I go to validate the primary_token_info, I get the following response despite everything up until that point working as expected:{'error': '2', 'errorId': 'invalidParameter', 'errorString': 'Unknown session token nxcdb-2d825e34-b80b-43ed-8a9a-4612799cb578: Cloud result: notAuthorized'}
Then, when I go to authenticate, I get a '401 -- WrongSession Token' error. Does my cloud account need admin privileges in order to generate a valid token? Or is there any other reason I might be generating an invalid token? Happy to provide more context as needed!
-
Hi,
While working with cloud, the http redirects often take place. I guess, It's you case. You need to retain authorization headers.
Here is the thread explaining the issue and its solution.
-
Andrey Terentyev Thank you for your help! I can successfully authenticate and get information from the system now. Though I am wondering about permissions. When we get a new system what user permissions are required in order to connect via the method of the cloud relay?
-
Andrey Terentyev Thank you for your answer! I was wondering specifically which permissions are required for these functions:
1. request_api(LOCAL_URL, '/rest/v1/system/info', 'GET', verify=False)
2. request_api(LOCAL_URL, f'/rest/v1/login/users/{CLOUD_USER}', 'GET', verify=False)
3. request_api(CLOUD_URL, f'/cdb/oauth2/token', 'POST', json=oauth_payload)
4. request_api(LOCAL_URL, f'/rest/v1/login/sessions/{primary_token}', 'GET', verify=False)
5. request_api(LOCAL_URL, f'/rest/v1/servers/*/info', 'GET',
headers=primary_token_header, verify=False)
6. requests.get('%s/ec2/getCamerasEx' % (LOCAL_URL), headers = primary_token_header)
(from https://dwspectrum.digital-watchdog.com/docs/developers/knowledgebase/278-how-does-authentication-work) -
Hi,
The permissions required for each API you can find in the API endpoint documentation, in the x-permission section.
/ec2/getCamerasEx is deprecated. Use /rest/v2/devices instead.
Please sign in to leave a comment.
Comments
5 comments