06-20-2024 10:43 AM
I'm trying to start using the REST API but I am seemingly unable to get my requests authorized. I've tried generating my JWT in a couple different ways and both paths lead to an Unauthorized error message when running a GET request.
I've set up a new client connection for the REST API following the instructions found here:
After setting up the client connection, I'm trying a GET request in Postman to generate the token and I have gone into the Authorization tab and filled out Auth URL, Access Token URL, Client ID, and Client Secret, I've set the scope to evolution and the Grant Type is set to Authorization Code. When I click the Get New Access Token button, I'm met with the below error. From what I understand, this is meant to take me to a login page where I can put in the credentials to use to authenticate but it fails.
I've also tried generating a token via a POST request where I'm entering in the above keys as well as a username and password for an account that has API access and while I am able to get a code from that request, when I run a GET request with that code to pull some information, it throws a 401 error that states "Authentication credentials are missing or invalid." I've tried using my own admin account as well as the MANAGER account and both are denied access. What am I doing wrong here?
Best Regards,
Ian Sasser
06-20-2024 11:05 AM
Hi
The first place to start is to review the logged messages under the Hyland.Identity.Provider profile in Hyland Diagnostics. You should see a message under with a LogLevel of Error. You'll see something like the following ...
The error message should provide more context about the problem.
Best wishes.
06-20-2024 11:23 AM
The token request is a POST, that is why your second approach works and returns the token.
What specific API endpoint call are you trying to use?
Is there any more information being presented in the Diagnostic Console?
I like using PostMan to test as well.
Here are a few screenshots from my dev system...
Note: This is an older screenshot. As I have become more experienced with PostMAN, I have learned that you can use the Authorization tab (instead of the Body: x-www-form-urlencoded) with OAuth2 and Configure a New Token to run your API Call in a single step.
success:
Configuring a GET to the API Server (Document API) for a document by docID (aka Doc Handle or ItemNum)
This one has no other requirements...just include the ID in the endpoint
There are some API Calls that do require the body include some required JSON.
For example, the Reset User Password(Admin API) will give a bad call if you forget to send the payload.
{ "password": "passw0rd", "forcePasswordChangeOnNextLogin": true}
06-21-2024 05:47 AM
Question 1: What specific API endpoint call are you trying to use?
Below is the endpoint I am trying to use.
I've also tried this endpoint:
Question 2: Is there any more information being presented in the Diagnostic Console?
Yes there is. Below is the log message:
What source parameter is it referring to here?
Something else I've noticed about my new client connection is that I don't have redirect URLs for this one where as the others do. How can I determine which redirect URLs I need? Or do I need them at all? I've read in other forum posts that if you are using a Client Secret, which I am, you won't need the redirects.
06-21-2024 06:38 AM
Hi
The Client configuration within the Hyland Identity Services allows you to setup an OAuth2/OpenID client. I believe you are referring to the Grant Type which is determined by the way you are looking to Authenticate again the Hyland Identity Service. You can find more information about the different supported Grant Type (aka. OAuth2 flows) here ...
https://sdk.onbase.com/rest/OnBase/Foundation23.1/document/programmers-guide/authentication.html
... specifically, Authorization Code OR Resource Password Owner (as these are the two which are documented as supported for the REST API). However, Token Exchange is also supported. As an item of note, the REST APIs require a user account to be authenticate which will limit the Grant Types which are supported.
Question 1: What specific API endpoint call are you trying to use?
All of the REST API endpoints supported with the API Server work in the same general way. They will require an Access Token generated from the Hyland Identity Service in order to allow access. Further, some will require the OnBase session cookie. Assuming you have an Access Token and the OnBase session cookie, you can make a call to the endpoint based on the HTTP request requirements defined in the SDK.
Question 2: Is there any more information being presented in the Diagnostic Console?
Without context of what leads up to this issue, it is hard to determine what is specifically causing the error to occur. However, I'm assuming that it is a ...
- A miss configuration of the Client within the Hyland Identity Service
- A miss configuration of the client application requesting the Access Token
- A miss configuration of the Hyland Identity Service
The last item in the list above would be determine by being able to configure other client applications to work. If they do, then it is likely the Client configuration used by your client application OR your client application. A greater context to the error you referenced would be useful in troubleshooting further.
Take care.
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.