Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API not authorized #103

Open
Kaputt4 opened this issue Apr 12, 2022 · 3 comments
Open

API not authorized #103

Kaputt4 opened this issue Apr 12, 2022 · 3 comments

Comments

@Kaputt4
Copy link

Kaputt4 commented Apr 12, 2022

Hi and congratulations for this great tool @qjerome !

My question may seem silly because I'm fairly new to APIs, and the solution is probably a little detail, but I've spent hours trying to solve it without luck.

The problem is that I'm getting "Not Authorized" in every request to the APIs using cURL and Postman.
I'm including the header X-Api-Key with the value of the key fields in the manager configuration file. I've tried with both admin-api.users key as well as endpoint-api.endpoints keys, without luck.

I've tried with the keys' values from the default configuration file provided by the manager, and from the configuration.md example, to exclude format errors from the problem research.

I've also tried to reach both admin and endpoints APIs, and also using HTTP and HTTPS, without luck at all.

I'd really appreciate if you could help me to solve this dumb problem so that I can try the manager and the tool. Thanks!!
@qjerome
Copy link
Contributor

qjerome commented Apr 12, 2022

Hi @Kaputt4,

Thank you for your support and for giving a try to the tool.

One thing you should keep in mind is that endpoint API is there to provide connectivity between endpoints and the manager. It is not meant to be queried by the end-user. Only the Admin API is made to administer endpoints.

The next step is to figure out what version of the tool you are using. Can you please tell me if you are using the latest beta or the stable release ? There are numbers of changes in beta release which have not been documented yet.

The problem you are having seems to be linked to a wrong API key you are using.
If you are using beta release, you first need to create the an admin user before you can use the admin API (by default there is no user in the DB). To do that, you have to use the manager's binary with the "-user" switch and use the credentials you get in order to establish connection to the admin API.

@Kaputt4
Copy link
Author

Kaputt4 commented Apr 13, 2022

Hi @qjerome,

I was trying at first with v1.7.0 stable release, but didn't manage to get it. With latest beta, v1.8.0-beta.6, I've been able to create the user following the steps you said and establish connection successfully to the admin API. Thank you so much.

Is there any chance to achieve the connection with v1.7.0? How can I get the user key? Or do you recommend using the latest beta to build the testing lab?

@qjerome
Copy link
Contributor

qjerome commented Apr 13, 2022

Hi @Kaputt4,

Sorry for this lack of consistency between the documentation and the code. I actually plan to update the documentation when the next stable release will be published. I am glad you managed to make it work.

I would recommend you to use the beta releases instead of the last stable as a lot of new features are there and some bugs got corrected as well. Additionally, if you are using the beta release you can benefit from a consistent Open API documentation to query admin API. You can for instance navigate to the appropriate release tag on the repo and load ./doc/admin.openapi.json into swagger.
For example: https://validator.swagger.io/?url=https://raw.githubusercontent.com/0xrawsec/whids/v1.8.0-beta.6/doc/admin.openapi.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qjerome @Kaputt4