This repository has been archived by the owner on Mar 25, 2020. It is now read-only.
New API key is seen as unauthorized when used for POST,PATCH, and DELETE #142
Comments
|
I've just run the api test using the new API key and it passes without issues. So I'm not really sure why it happens. This console page lists the available keys. Does the page include your new key? If so, is the key associated with a usage plan? |
|
The admin view does show the new key and that the old one has been removed.
I am not sure about the key associated to a usage plan. I have reviewed the API’s created by the stack and see no reference to this key in any of the configuration nor the old key.
I can execute a list components, incidents, and maintenances items with the API and passing the key in the header with x-api-key but when I perform any other operation is return unauthorized. Could the key be good but permissions some where we not updated properly for the new key created?
… On Nov 15, 2018, at 6:01 AM, Kishin Yagami ***@***.***> wrote:
I've just run the api test <https://github.com/ks888/LambStatus/tree/master/packages/lambda/api_test> using the new API key and it passes without issues. So I'm not really sure why it happens.
This console page <https://console.aws.amazon.com/apigateway/home?#/api-keys> lists the available keys. Does the page include your new key? If so, is the key associated with a usage plan?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#142 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABqbCzdhNi3sxs4aQ9y4B8ffsOq5528Eks5uvWWlgaJpZM4YeE_R>.
|
|
The red square below indicate a usage plan. APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong. |
|
It does not show me a usage plan but an association to the release. Is this something I need to create on my own?
… On Nov 15, 2018, at 6:37 AM, Kishin Yagami ***@***.***> wrote:
The red square below indicate a usage plan.
<https://user-images.githubusercontent.com/8448120/48556200-a1f4bc80-e926-11e8-919d-4f6b391733d0.png>
APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#142 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABqbC3ITHIVt4p4KTcwf2MtCiQEqEgZMks5uvW4HgaJpZM4YeE_R>.
|
|
Correction on my last response as it appears I was one level to deep in the Api section. I have two usage plans associated with the API key which both associate to the same stage
… On Nov 15, 2018, at 6:37 AM, Kishin Yagami ***@***.***> wrote:
The red square below indicate a usage plan.
<https://user-images.githubusercontent.com/8448120/48556200-a1f4bc80-e926-11e8-919d-4f6b391733d0.png>
APIs to get a list components, incidents, and maintenances items need no permission. So it works even if the api key is wrong.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#142 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABqbC3ITHIVt4p4KTcwf2MtCiQEqEgZMks5uvW4HgaJpZM4YeE_R>.
|
|
for the record i also had to manually associate them in api gateway, and then all is good |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I decided to create a new API key and remove the previous. That was successful but now when I make API calls for POST,PATCH, or DELETE I receive "message": "Unauthorized". This was working with the previous API key but as part of a rotation process we rest it. Any suggestion on where to look at to why the new API is rejected and how to verify it is validating against the new key generated by the application stack?
The text was updated successfully, but these errors were encountered: