Rest API giving Authorisation error #111

Closed
dcallagh opened this issue Apr 11, 2021 · 10 comments

dcallagh commented Apr 11, 2021

Hi Gurus,
I am extracting treatment logs from Accuchek SOLO for upload. Testing the REST API for treatments at https:///api-docs/#/Treatments/addTreatments, which provides a CURL of

curl -X POST "https:///api/v1/treatments" -H "accept: */*" -H "api_secret:stuff" -H "Content-Type: application/json" -d '[{"eventType":"","created_at":"2021-04-10T15:28:00Z","carbs":27,"insulin":3.9}]'

gives an error:
{
"status": 401,
"message": "Unauthorized",
"description": "Invalid/Missing"
}

Any thoughts?

@psonnera
Collaborator

I'm not sure this is covered by this documentation, did you ask in Discord? https://github.com/nightscout/cgm-remote-monitor/issues/new/choose

@bewest
Member

bewest commented Apr 16, 2021

Howdy @dcallagh. I think you would benefit from looking at curl and a tool like json to accomplish something like the following:

cat <<EOT | json | curl --data-binary @-  -H "Content-Type: application/json" -H "API_SECRET: $hashed_secret" https:///api/1/treatments.json
[{"eventType":"","created_at":"2021-04-10T15:28:00Z","carbs":27,"insulin":3.9}]
EOT

Note that the api secret has been hashed using something like echo -n mylongplainsecret | sha1sum - | cut -d ' ' -f 1. Also, there are subtle differences between -d or --data and --data-binary: --data-binary without any extra urlencoding is probably what you want.

bewest closed this as completed Apr 16, 2021
@dcallagh
Author

Hi Ben,

Thanks for the help, as I suspected the CURL on nightscout swagger is wrong. I have had another look using the nightscout 'ADD treatment' panel, and the error is the name of the auth token: Lowercase "api-secret" is correct so the swagger page should be corrected. I had previously looked at the ADD panel but was focussed on the sha1 value and did not notice the api token was a different name.

Result from using your suggested curl command slightly amended to include Json embedded, but still with the upper case API_SECRET gave the same error:
$ hashed_scret=$(echo -n '<passkey>' | sha1sum - | cut -d ' ' -f 1)
$ curl --data-binary '[{"eventType":"","created_at":"2021-04-10T15:28:00Z","carbs":27,"insulin":3.9}]' -H "Content-Type: application/json" -H "API_SECRET: $hashed_scret" -X POST https://.herokuapp.com/api/v1/treatments.json

{"status":401,"message":"Unauthorized","description":"Invalid/Missing"}

@bolattleubayev

Hey @dcallagh,

I think that I have found something for that matter. Here it says that you need to put API-SECRET instead of API_SECRET to the header and the secret itself should be SHA1 hashed

Hope that helps!
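
An added example, not part of the original thread or of Nightscout's code: a Python sketch of the header fix reported above (a hyphenated api-secret header carrying the SHA-1 hex digest of the plaintext secret), plus a local check for the two mistakes discussed. The host name, the secret and all function names are assumptions made for illustration.

```python
import hashlib
import json
import re

SHA1_HEX = re.compile(r"[0-9a-f]{40}")


def hash_api_secret(plain_secret: str) -> str:
    # Same digest as `echo -n secret | sha1sum`: no trailing newline is hashed.
    return hashlib.sha1(plain_secret.encode("utf-8")).hexdigest()


def build_treatment_post(base_url: str, plain_secret: str, treatments: list):
    # Returns (url, headers, body) ready for any HTTP client; nothing is sent.
    url = base_url.rstrip("/") + "/api/v1/treatments"
    headers = {
        "api-secret": hash_api_secret(plain_secret),  # hyphen, hashed value
        "Content-Type": "application/json",
    }
    return url, headers, json.dumps(treatments).encode("utf-8")


def diagnose_auth_headers(headers: dict) -> list:
    # HTTP header names are case-insensitive, so compare in lower case.
    lowered = {name.lower(): value.strip() for name, value in headers.items()}
    problems = []
    if "api_secret" in lowered:
        problems.append("header is named api_secret; the thread reports api-secret")
    secret = lowered.get("api-secret")
    if secret is None:
        problems.append("no api-secret header present")
    elif not SHA1_HEX.fullmatch(secret.lower()):
        problems.append("api-secret value is not a 40-character SHA-1 hex digest")
    return problems


if __name__ == "__main__":
    # Constructed sample values; host and secret are placeholders.
    sample = [{"eventType": "", "created_at": "2021-04-10T15:28:00Z",
               "carbs": 27, "insulin": 3.9}]
    url, headers, body = build_treatment_post(
        "https://nightscout.example.invalid", "mylongplainsecret", sample)
    print(url, diagnose_auth_headers(headers))
    print(diagnose_auth_headers({"API_SECRET": "mylongplainsecret"}))
```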

@tzachi-dar

I must say that this did not seem to work with the latest version, but in any case, if someone gets here:
# ENTRIES holds the path of the JSON file to upload
REST_ENDPOINT="https://snirdev.hopto.org/api/v1/entries.json?token=try-0da467168cf4xxxx"
curl -m 30 -s -X POST --data-binary "@${ENTRIES}" -H "content-type: application/json" "${REST_ENDPOINT}"

This works, with the new security model where the token has write permissions.

@dinizmauricio

@dcallagh,
Did you manage to resolve the problem? I'm going through the same situation.

@dcallagh
Author

dcallagh commented Oct 15, 2023 via email

@dcallagh
Author

dcallagh commented Oct 15, 2023 via email

@dinizmauricio

@dcallagh, I tried with the code below, but it's not working. :/

import requests

# SHA-1 hex digest of the API secret, sent in the api-secret header
myHash = 'd018020ba8f49a010afdbabf7e8be89441085750'
header1 = {'api-secret': myHash}
data = {
    "carbs": 10
}
resposta = requests.post('http://192.168.0.1:17580/entries', headers=header1, json=data)

print(resposta.status_code)
print(resposta.text)

@dcallagh
Author

dcallagh commented Oct 15, 2023 via email
