SystemLink Forum
HTTP request not authorized if not logged on server
Hello Nandi,
Have you tried interfacing with the auth service in the NIAPIs?
http://yourserverORlocalhost/niapis
Try using this interface to test what works for you.
One option is to create apikeys that are static or session based then when the client opens a connection with this key is used to allow the connection. Once the session is authenticated, you can call the apis as you normally would because your session/connection has been authenticated.
There is a whitelist session which I assume means via a policy you can make certain items available via a session token. (have not done this)
The authorize button in swagger in the upper right that allows you to test the interface with a specific apikey.
I just tried the auth service/auth command... I put an invalid key in the x-ni-api-key and tried to run the get auth command...
get the
<title>401 Unauthorized</title>
So to create a new key via /auth you need
- workspaceID and policyID
workspaceID is found in the user service.
policyID is in the auth service via /policies. It will return all the resources. Find the resource you want to assign to the key.
create the key by passing these values in:
{ "name": "keyName", "policyIds": [ "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ" ], "defaultWorkspace": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "properties": { "key1": "value1" } }
Should return
{ "created": "2021-05-12T00:59:21.234Z", "defaultWorkspace": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "deleted": false, "enabled": true, "expiry": "9999-12-31T23:59:59Z", "id": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "name": "string", "policies": [ { "builtIn": false, "created": "2021-04-01T19:43:12.499Z", "deleted": false, "id": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "name": "minion_PCNAME--SN-XXXX--MAC-ADDRESS-XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "properties": {}, "templateId": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "type": "role", "updated": "2021-04-01T19:43:12.499Z", "userId": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "workspace": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ" } ], "properties": { "key1": "value1" }, "updated": "2021-05-12T00:59:21.234Z", "userId": "XXXXXXXX-XXXX-XXXXX-YYYY-ZZZZZZZZZZZ", "secret": "TOKEN"
Now if you plug the secret token into authorize x-ni-api-key, now I can invoke the /auth ok. I am sure there are many ways to do this in more abstracted clever way but for me I am learning the mechanics.
putting the curl command here too:
curl -X GET "http://SLSVR/niauth/v1/auth" -H "accept: application/json" -H "x-ni-api-key: TOKEN"
Also, some services just require a session token. So you need to fetch the token first and pass that with the request for the request to be processed.
