I have created a Token for Admin account. Now I am trying to invoke some API in ansible using the below
$headers=#{
Authorization="Bearer <token>"
}
$response=Invoke-WebRequest -Method GET -Uri "https://ansible.xyz.com/api/v2/job_templates" -Headers $headers -ContentType "application/json"
When I do run the above I get the following error:
Authentication credentials were not provided. To establish a login session, visit /api/login/.
I don't understand when I use Token to authenticate why it's still showing an error.
When I use the same auth token in postman or curl it's working fine.
Related
I'm trying to get data back from an API online using Powershell with the command Invoke-WebRequest -UseBasicParsing $request_string -Method Get -Headers $headers) but am getting back Invoke-WebRequest : The remote server returned an error: (403) Forbidden.
I am supplying a $headers dictionary. Strangely, I can access the API using Postman, Python, and cURL. It's only when using Powershell commands that I get the 403 error. In fact, I used Postman's Code Snippet feature to generate my Powershell code, and it still doensn't work! Postman's Powershell Code Snippet was:
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer {removed for security}")
$response = Invoke-RestMethod '{removed for security}' -Method 'GET' -Headers $headers
$response | ConvertTo-Json
To recap, both Invoke-WebRequest and Invoke-RestMethod don't work.
Any help here is much appreciated.
Thanks!
Figured it out on my own.
The API vendor enforced https requirement instead of just http. Apparently, Postman, Python, and cURL can figure that out on their own and change the request accordingly, but Powershell cannot.
I'm using a personal access token to make a call to /api/v2/hosts. In the header, I have "Authorization: bearer <personal access token". In postman it works just fine, I get a list of the hosts. But in Powershell, using Invoke-RestMethod fails with
Invoke-RestMethod : {"detail":"Authentication credentials were not provided. To establish a login session, visit /api/login/."}
Does anyone have any idea why this would be the case?
Here's the code: all values are non-sensitive. They are throwaway:
Here's the relevant code, non of the information is sensitive, it's non-production throwaway:
$headers = #{ Accept = "application/json"; Authorization = "bearer YqQoPFTD7GRZqB3XxAvVlZ2SUWxZGc"; "Accept-Encoding" = "gzip, deflate, br"}
$hosts=Invoke-RestMethod "https://10.100.235.4/api/v2/hosts" -Method Get -Headers $headers
The problem is that the response was a 301, and after the redirect the headers were being dropped. Apparently Powershell 7 has an option to stop this from happening, so I think that's the answer.
I have a Google Sheet I want to fill using Google Cloud service account. So I've created the account, shared the sheet with it. I activate it with:
gcloud auth activate-service-account --key-file=XXX.json
and I put this in my powershell code:
$cred = gcloud auth print-access-token
$result = Invoke-RestMethod -Headers #{Authorization = "Bearer $cred"} -Uri
$requestUri -Method Post -ContentType "application/json" -Body $data
but I keep getting this error:
#{code=403; message=Request had insufficient authentication scopes.; status=PERMISSION_DENIED}
so my question is, where and how do I set scopes for service account?
when I send a request through powershell to rest api Postmarkapp I have these errors
When use metod get
Invoke-RestMethod : Cannot send a content-body with this verb-type.
When use metod post
Server Error in '/' Application. The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /deliverystats
Script
$Uri = 'https://api.postmarkapp.com/deliverystats'
Invoke-RestMethod $Uri -Method Post -Headers #{'X-Postmark-Server-Token' =" Token" } -ContentType "application/json" |
The script you provided wasn't complete - it ends with a |.
A valid token is required before executing a request or you'll get this error:
Invoke-RestMethod : {"ErrorCode":10,"Message":"No Account or Server API tokens were supplied in the HTTP headers. Please add a header for either
X-Postmark-Server-Token or X-Postmark-Account-Token."}
Your code had ' Token', which is a constant and is probably not a valid value for the X-Postmark-Server-Token or X-Postmark-Account-Token header. You didn't show how $Token was set, but it probably should have been something like this:
$Token = 'xxxxxxxxxxxxx' #your account specific token
$uri = 'https://api.postmarkapp.com/deliverystats'
Then add the headers like this (with a $ before Token):
Invoke-RestMethod $Uri -Method Get -Headers #{'X-Postmark-Server-Token' ="$Token" } -ContentType "application/json"
I am trying to connect to Keyvault with my Azure Function using PowerShell.
The Managed Service Identity (MSI) has been turned on, and in Keyvault I granted the MSI 'get' and 'list' access policies.
Using the script below I successfully get an access token, but when I make the request to Keyvault I always receive a 401 response.
$vaultName = $Env:KeyVaultName
$vaultSecretName = $Env:VaultSecretName
$tokenAuthURI = $Env:MSI_ENDPOINT + "?resource=https://vault.azure.net/&api-version=2017-09-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers #{"Secret"="$env:MSI_SECRET"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
$headers = #{ 'Authorization' = "Bearer $accessToken" }
$queryUrl = "https://$vaultName.vault.azure.net/keys/" +$vaultSecretName + "?api-version=2016-10-01"
$keyResponse = Invoke-RestMethod -Method GET -Uri $queryUrl -Headers $headers
Any idea why the token is not sufficient?
Try changing the resource URI to https://vault.azure.net (with no trailing slash). The token validation on the server expects the exact same string as it returns in the 401 response's WWW-Authenticate header. In general, Key Vault returns 401 for cases where the token is missing or fails validation (three common cases are the token is expired, has an incorrect resource URI, or was issued by a different tenant than the vault is associated with).