REST authorization bearer token denied
After successfully receiving a bearer token, I still can't query the API. Any help with troubleshooting would be great. Here is my workflow in HTTP:
[code type="markup"]
#Request
POST https://192.168.1.10/_pxc_api/api/auth/auth-token
content-type: application/json
{
"scope":"variables"
}
#Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Oct 2021 14:37:03 GMT
Content-Type: application/json
Content-Length: 44
Connection: close
Status: 200 OK
read_time: 2021-10-08T14:37:03.996969Z
end_time: 2021-10-08T14:37:03.997446Z
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
X-debug-message: location _pxc_api
{
"code": "XccK0YxVm4lyq3uv",
"expires_in": 600
}
[/code]
[code type="markup"]
#Request
POST https://192.168.1.10/_pxc_api/api/auth/access-token
content-type: application/json
{
"code": "XccK0YxVm4lyq3uv",
"grant_type": "authorization_code",
"username": "admin",
"password": "12345678"
}
#Response
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Oct 2021 14:42:02 GMT
Content-Type: application/json
Content-Length: 84
Connection: close
Status: 200 OK
read_time: 2021-10-08T14:42:02.136994Z
Set-Cookie: acctkey=26e221af9fc7fc58; Path=/_pxc_api/api/auth/access-token; Secure; HttpOnly
end_time: 2021-10-08T14:42:02.167995Z
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
X-debug-message: location _pxc_api
{
"token_type": "Bearer",
"access_token": "22qSiGP7ZGp7u4jFATVK0jwiqDWOua79",
"roles": []
}
[/code]
[code type="markup"]
#Request
POST https://192.168.1.10/_pxc_api/api/variables
content-type: application/json
authorization: Bearer 22qSiGP7ZGp7u4jFATVK0jwiqDWOua79
{
"pathPrefix": "Arp.Plc.Eclr/",
"paths": "Y0_BellSOL"
}
#Response
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Fri, 08 Oct 2021 14:45:22 GMT
Content-Type: application/json
Content-Length: 132
Connection: close
Status: 401 Unauthorized
WWW-Authenticate: Bearer realm="pxcapi", error="invalid_token"
X-debug-message: location _pxc_api
{
"apiVersion": "1.6.0.0",
"projectCRC": 2295408380,
"error": {
"code": 401,
"details": [
{
"domain": "authorization",
"reason": "accessDenied"
}
]
}
}
[/code]
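To read the 401 above systematically, this added example (not part of the original post and not PLCnext code) parses the `WWW-Authenticate` Bearer challenge using the error codes defined in RFC 6750 and pulls the token age and `roles` value out of the posted responses. The function names and the dict layout are assumptions made for illustration, and the output lists observations from the trace, not a confirmed cause.

```python
import json
import re
from email.utils import parsedate_to_datetime

# RFC 6750 section 3.1 error codes for a Bearer challenge.
RFC6750_ERRORS = {
    "invalid_request": "request malformed (missing/duplicated parameter or auth method)",
    "invalid_token": "token expired, revoked, malformed or otherwise not accepted",
    "insufficient_scope": "token accepted but lacks the privileges for this resource",
}

def parse_bearer_challenge(header):
    """Split a WWW-Authenticate Bearer challenge into its auth-params."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(re.findall(r'([A-Za-z_]+)\s*=\s*"([^"]*)"', params))

def triage(token_resp, denied_resp):
    """Collect the facts a 401 on a freshly issued token leaves in the trace."""
    challenge = parse_bearer_challenge(denied_resp["www_authenticate"])
    issued = parsedate_to_datetime(token_resp["date"])
    used = parsedate_to_datetime(denied_resp["date"])
    body = json.loads(token_resp["body"])
    error = challenge.get("error")
    return {
        "realm": challenge.get("realm"),
        "error": error,
        "meaning": RFC6750_ERRORS.get(error, "non-standard error code"),
        "token_age_s": int((used - issued).total_seconds()),
        "roles_empty": body.get("roles") == [],
        "token_type": body.get("token_type"),
    }

# Header values copied from the access-token and /variables responses in the
# post; the access token itself is replaced by a placeholder.
TOKEN_RESP = {
    "date": "Fri, 08 Oct 2021 14:42:02 GMT",
    "body": '{"token_type": "Bearer", "access_token": "<redacted>", "roles": []}',
}
DENIED_RESP = {
    "date": "Fri, 08 Oct 2021 14:45:22 GMT",
    "www_authenticate": 'Bearer realm="pxcapi", error="invalid_token"',
}

if __name__ == "__main__":
    for key, value in triage(TOKEN_RESP, DENIED_RESP).items():
        print(f"{key}: {value}")
```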
Comments
https://www.plcnext.help/te/Service_Components/REST_data_interface/REST_data_interface_Introduction.htm
Here is a trace from a session that successfully reads and writes GDS variables - hopefully there are some clues in there that might help with your problem.