Resolved Tokens created by plesk utility 401 with RestAPI

[jimlongo56]

I'm having a problem with RestAPI calls made using tokens created by the plesk utility.

If I create a token with

plesk bin secret_key -c -ip-address nn.175.208.108

This token will get a 401 in Postman when used in a RestAPI call.

A Token created in Postman using a call to

https://my.server.com:8443/api/v2/auth/keys

when used in API calls is successful.

This also happens in my PHP code with API calls. Tokens created by the plesk utility are unauthorized, tokens created by /api/v2/auth/keys are okay.

You might say, then just use the second method to get the keys, but that method requires interaction from a person with administrative name and password, whereas the utility does not.

This is the latest version of Onyx on Linux.

 

[jimlongo56]

additionally, this does not work as documented

[root@li505 ~]# plesk bin secret_key --delete –key fd24d491-1c04-23b7-b64d-8102880e335a
Unknown option '–key': /usr/local/psa/bin/secret_key --delete –key fd24d491-1c04-23b7-b64d-8102880e335a
Required option -key  is not set

 

[Brujo]

additionally, this does not work as documented

this looks like a typical copy and paste issue and it seems you have the wrong "-" character befor key!

just created a test key and deleted it afterwards without an issue -
# plesk bin secret_key --delete -key d9b2a3d7-fd6b-2c89-e658-3a94e8cee4f8
Key d9b2a3d7-fd6b-2c89-e658-3a94e8cee4f8 was successflly removed

 

[jimlongo56]

haha, I just discovered that . . . longdash instead of a dash, came back to report it and saw your post.
Thanks Brujo.


The initial post is still an issue.

 

[jimlongo56]

I've been informed by support that keys produced using the secret_key utility are not allowed in Rest API calls. They are only for XML_RPC calls.
Documentation is supposedly being corrected to say that, currently it says you can.

 

[alapshin]

Hello, @jimlongo56
Sorry for confusing you in support ticket. Please find below actions I performed to use token in Postman:

1. Executed # plesk bin secret_key -c -ip-address 192.0.2.2
where 192.0.2.2 is the IP address of the computer from which I going to send API requests (my local machine).
2. As result I reach token f84a426e-XXXX-6bd6-674a-4fd23f1ac77c
3. In Postman I have added the header X-API-Key and pasted token there
4. On Authorization tab I used "Bearer token" and paste token again
5. Then I used GET "https://203.0.113.2:8443/api/v2/clients/" where 203.0.113.2 is IP address of Plesk server.
6. As result I have reached list of Plesk users

 

[jimlongo56]

It's my experience that tokens created by and extension on the command line will not work immediately afterwards in a curl call from the extension.
I'm going to have to respectfully disagree, at least when it comes to tokens created and used via extensions, and I'm not going to waste another minute of my time proving it to myself again (which I did a dozen times the other day).

I solved it by creating a form, asking the admin for username and password, doing a curl call to '/api/v2/auth/keys' with those credentials and storing the API key in the database.
This key works.

Thanks.