I am working on the Azure Redis Cache, and I am using a REST API to create a cache. The response I get is :
HTTP/1.1 401 Unauthorized
{
"error": {
"code": "AuthenticationFailed",
"message": "Authentication failed. The 'Authorization' header is missing."
}
}
I could not find any Authorization header in the documentation. Can someone suggest the procedure to generate the authorization header ?
Essentially creating an Azure Redis Cache account operation is an Azure Resource Manager (ARM) operation. Each ARM operation requires an authorization header that must be included in the request. Because you didn't include this header in your request, you're getting this error.
Please see Resource Manager REST APIs for detailed instructions on how you can authenticate your ARM API requests.
Related
We are getting an error while trying to trigger a PATCH request via HTTP AZURE Gateway from Power Virtual Agent BOT to S/4 HANA through OData v2 service. The same service works fine when we test it from POSTMAN and through SAP Gateway Client.
The BOT is deployed on MS Teams.
Below are the steps which are configured from BOT perspective:
Trigger a GET request to fetch the CSRF token using below HTTP headers
Authorization: Bearer(tokenvalue)
X-CSRF-Token : Fetch
Set-Cookie : Fetch
The above cookie value is being converted to eliminate '/', spaces and commas. The same has been replaced with %2F, %2b and ; respectively in the encoded format.
Once the CSRF token is fetched, it is stored in a local variable and passed to PATCH request
Authorization : Bearer(tokenvalue)
X-CSRF-Token :
Cookie :
Below is the error we are able to see in Power Automate Flow.
**
"error": {
"code": 403,
"message": "The response is not in a JSON format.",
"innerError": "CSRF token validation failed"
}
}
```**
We are expecting success call for this PATCH request. This is working fine with same user when tested in POSTMAN and native SAP gateway client.
you are using the microsoft on-premise-gateway to connect your odata service.
the on-premise-gateway establishes always a new http connection that expires the X-CSRF-TOKEN
maybe this will be supported in a later version
I have an API which has Authorization has bearer token. I tested in post man and it's working. However, it's not working when I used web activity in the ADF.
I am passing the url in the URL section. Created new header, typed Authorization and gave value "Bearer token"
Getting below error
Error
Troubleshoot activity failures
{
"errorCode": "2108",
"message": "{\"error\":{\"type\":\"invalid_request_error\",\"message\":\"Request forbidden by administrative rules. Please make sure your request has an acceptable User-Agent header.\",\"documentation_url\":\"https://developer.dentally.co\"}}",
"failureType": "UserError",
"target": "Web1",
"details": []
}
Can anyone please advise?
I reproduced the same in my environment. I successfully generated a bearer Token with Postman.
To solve the above error code:2200. Please follow the below approach.
I used the same URL with web Activity and generated a bearer Token in the Azure data factory.
Generate bearer Token as shown below:
Connect Web activity 2 with newly created Web1 activity
Add dynamic expression : Bearer #{activity('Web2').output.data.Token}
Output:
Reference:
Sample Rest API URL for testing with authentication by Ashok Patel
Environment for resource/permission token creation:
nodejs v14
#azure/cosmos
Environment to fetch docs:
rest api postman client windows machine
I am getting error when trying to fetch GET docs using created permission with below PermissionDefinition as:
{
id: "key-name", permissionMode: "All",
resource: "dbs/<db-name>/colls/<col-name>/docs/*",
resourcePartitionKey: ["partition-key"]
}
Also tried resource id as "dbs//colls//docs"
But getting same error, I am able to success fetch collection info with url as
https://{{DocumentDBHost}}/dbs/<db-name>/colls/<coll-name>
Below is error when trying to get docs from collection through rest api using permission resource token as:
{
"code": "Forbidden",
"message": "Insufficient permissions provided in the authorization header for the corresponding request. Please retry with another authorization header.\r\nActivityId: d6fe0b9e-c0a2-42a4-9378-50ccf1613aa7, Microsoft.Azure.Documents.Common/2.14.0"
}
using url as:
// to read specific doc
https://{{DocumentDBHost}}/dbs/<db-name>/colls/<coll-name>/docs/<doc-id>
// to read all docs in collection
https://{{DocumentDBHost}}/dbs/<db-name>/colls/<coll-name>/docs
Perparing auth token as
var permToken = "type=resource&ver=1&sig=UVlXYH0zKJyubcH9LAsBiw==;w7eUSmBFoA4dpcGNgV3Lm3kbFUE42IixXPEI2LVEr******************BPeWGl2pnkfN6V7FLX0leF/9WeDzUz06rq3po48jUSws5hNY8aR9LqMdSgwE1U4ygNbINMNe****************************v+u/ge9lKy10eZObL1u4FQMiE=;"
auth = encodeURIComponent(permToken);
So, doing encoding uri also on token got through permission
Other headers added to rest api are as follows:
[{"key":"Accept","value":"application/json","enabled":true},{"key":"x-ms-version","value":"2015-12-16","enabled":true},{"key":"Authorization","value":"{{authToken}}","enabled":true},{"key":"x-ms-date","value":"{{RFC1123time}}","enabled":true},{"key":"x-ms-documentdb-partitionkey","value":"[\"dl\"]","type":"text","enabled":true}]
Kindly pass detailed rest api doc when using resource/permission token, if there is any any change in specs. I already shared secondary key are success working for authorization part for same api request to CosmosDB
I've created a Logic App, which is configured to authenticate using AD Outh according to this:
https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
This Logic App it takes a lot of time to execute and to avoid timeout the response was configured with Asynchronous Pattern as mention in:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/async-operations
The authentication with Bearer Token works and the Logic App responses with a URL (in Location header) in which finally will be stored the response.
The problem is that I cant't access to this URL because I'm receiving the next error:
{
"error": {
"code": "DirectApiAuthorizationRequired",
"message": "The request must be authenticated only by Shared Access scheme."
}
}
The problem is that the URL returned in the Location header only contains SAS keys when I run the Logic App using SAS and I need use only OAuth for securiry reasons.
Now, if try to access to this URL using Bearer token the response is:
{
"error": {
"code": "InvalidUseOfOAuthToken",
"message": "The requested operation is not supported, Use of open authentication token is only supported for workflow trigger request."
}
}
Here an example of the URL:
https://prod-05.southcentralus.logic.azure.com/workflows/a98d6ba3becd449db74ac0527a64ec57/runs/08585941366423271731798768425CU04/operations/c4d9cb98-03b3-4c44-87c3-5752c2ed403c?api-version=2016-10-01
So, understanding that is not posible access to this URL using OAuth, How can I force the header location to include the SAS parameters by consuming the logic app using OAuth?
Finally, solution proposed was to use the functionality "Create expiring callback URLs" for Async Logic Apps,
https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app#create-expiring-callback-urls
This consists of creating a temporary URL for each execution, these URL’s contain SAS parameter which will in cretain date . These URLs are created from a call to the ARM Rest API using a Bearer Token and specifying the date on which it will stop working. With this way there is no problem using SAS because are temporary.
https://learn.microsoft.com/en-us/rest/api/logic/workflowversions/listcallbackurl
I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.
I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.
I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:
{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }
I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.
Has anyone tried this with success?
Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.
Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.
So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.
Get access token
I test Get environments API, it works correctly for me.
GET https://api.timeseries.azure.com/environments?api-version=2016-12-12