Solved: Getting "Unauthorised" response from API - queryin...

himynamesdave · ‎04-27-2015

Happy Monday everyone!

I am trying to query collections in my app using the API like so (note, I am using a different password for admin):

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/config"

I get the following response.

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Unauthorized</msg>
  </messages>
</response>

I am using admin account which has read and write permissions for MYAPP.

UPDATE: I think this may be an API permission issue to MYAPP. So, if I run the same query on the search app (without any collections created) I get a valid response, i.e:

curl -k -u admin:changeme "https://0.0.0.0:8089/servicesNS/nobody/search/storage/collections/config"

As soon as I create a collection in the search app, I then get the unauthorised response again. Argh!

Then I thought it my be an issue running it as nobody, or admin on the collections. So I explicitly set owner=nobody in MYAPP/metadata/local for each collection. Still fail.

UPDATE: my collections.conf is very basic

[myfirstcollection]

[mysecondcollection]

In transforms I use these for a lookup for searching:

[kvstore_myfirst_lookup]
external_type = kvstore
collection = myfirstcollection
fields_list = _key, firstKV

[kvstore_second_lookup]
external_type = kvstore
collection = mysecondcollection
fields_list = _key, secondKV

I cannot find what permissions I need to set in my app to make this work 😞

Any ideas?

himynamesdave · ‎04-28-2015

I didn't manage to solve why that endpoint returned the "unauth" response, but for those who stumble upon this question with the same issue I did find a workaround that may be useful.

For my use-case I did not really need a list of all collections, as the endpoint (/servicesNS/nobody/MYAPP/storage/collections/config) gives.

What I needed was to print the contents of the collection. I could do this, by querying a different endpoint like so:

curl -k -u admin:changeme https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/data/MYCOLLECTION

View solution in original post

himynamesdave · ‎04-28-2015

I didn't manage to solve why that endpoint returned the "unauth" response, but for those who stumble upon this question with the same issue I did find a workaround that may be useful.

For my use-case I did not really need a list of all collections, as the endpoint (/servicesNS/nobody/MYAPP/storage/collections/config) gives.

What I needed was to print the contents of the collection. I could do this, by querying a different endpoint like so:

curl -k -u admin:changeme https://0.0.0.0:8089/servicesNS/nobody/MYAPP/storage/collections/data/MYCOLLECTION

n00badmin · ‎04-27-2015

make sure you escape special chars in your password!!!

for example:

admin:P@ssword$

this password would need a backslash in front of the @ and $

himynamesdave · ‎04-27-2015

Valid point - however can confirm this is not the issue here. The password has only alpha-numeric chars

Damien_Dallimor · ‎04-27-2015

what does your collections.conf look like ?

himynamesdave · ‎04-28-2015

I've added an update to the Q to include collections / transforms.conf info

Getting "Unauthorised" response from API - querying KV Store

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation