Skip to main content

OAuth2 Issues - 401 on requests when using it.

Thread needs solution
Beginner
Posts: 2
Comments: 8

We need to make use of some API calls that only have OAuth2 as an authentication option for them, so we're making changes to our existing API client (which works fine).  Unfortunately whenever we make a request using the OAuth token we get a 401 unauthorized back.

We've followed the steps outlined on the developer portal and in the PHP WHMCS example (we're not using the Acronis PHP lib though).

  1. Register a client and obtain client_id and client_secret from /api/2/clients - Done
  2. Use client_id and client_secret to issue a client_credentials token from /api/2/idp/token - Done
  3. Set header:  Authorization: Bearer <access_token>  - Done
    1. Also tried passing access_token=<access_token> as a parameter instead

At no point do we get any errors except when we try and make a request to any API endpoint once we've got the OAuth part handled.

It's driving me to distraction at the moment, so any help is appreciated.

 

Karl

0 Users found this helpful
Forum Member
Posts: 2
Comments: 54

#1

 Hi, Karl,

It should work. And yes, the correct way is to use a header.

Please check, the following. In a JSON token response you receive 2 fields which look like a token. There are id_token and access_token. You need to use second one - access_token.

Just for case, the issued token is valid for 2 hours.

As well, not all API calls work with a token, e.g.  /api/2/users/me call doesn't supported.

So in your case I would check the validity of token using  /api/2/clients/{client_id} GET call.

As well, please, check code examples at https://github.com/acronis It might give you additional understanding.

Beginner
Posts: 2
Comments: 8

#2

That could be the issue then, is there anything definitive that says which API endpoints support OAuth2?  As /users/me shows as supporting it in the RAML I have (as shown in the attached screenshot).

RAML docs linked from the console also show OAuth2 as supported for that endpoint!

https://dl.acronis.com/u/raml-console/1.0/?raml=https://eu-cloud.acronis.com/api/2/raml/api_ssi.raml

 

Attachment Size
537437-183728.png 20.39 KB
Forum Member
Posts: 2
Comments: 54

#3

This endpoint supports an OAuth authentication. It doesn't support authentication with a token issued using API Client credentials with client_credentials grant type because an API Client is disconnected from a user account.

https://dl.acronis.com/u/baas/rn/API_change_log/en-US/AcronisCyberCloud_API_change_log.pdf is a recent changlog. In the Acronis Cyber Cloud 9.0 - API change log section you can find all the endpoints which don't work with an API Client issued token.  This changelog is available at the documentation portal https://developer.acronis.com/doc/account-management/v2/guide/index (the Changelog entrance at the left menu).

You can find a tenant_id for which was issued an API Client in a JSON response for GET /clients/{client_id}.

As well as the previously used authentication mechanism via user name and password will continue working.

Beginner
Posts: 2
Comments: 8

#4

That makes sense.  Be handy if the API docs showed what grant they worked on OAuth2 with mind you :)

 

Thanks for your help.