Zitadel Executing System API Call #7784
-
Having issues using the system API. Environment
My goal is simple. To be able to execute the following command.
From this documentation. What I have doneDocumentation Used: https://zitadel.com/docs/guides/integrate/zitadel-apis/access-zitadel-system-api#system-api-user Generate an RSA private key with 2048 bit modulus:
and export a public key from the newly created private key:
Results: Provide the public key to the ZITADEL runtime configuration. The path to the key:
Configured default.yml run-time file. Results:
Restart Zitadel
Execute sysytem API and receive the following error.
Think I need to add bearer token . So, I created a machine user and gave roles. From the documentation: If you don't specify any memberships, you are allowed to access the whole ZITADEL System API. So I'm not sure what s going on at this point. My next try with system API call as follow:
Results:
ZITADEL ToolsFurther down the documentation I tried Zitadel-tools
So far at this point none of mine system API calls work, BUT on the upside this does work but its not a system API call.
Im trying to understand where i may have went wrong. Any help would be apperciated. |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 6 replies
-
Another configuration test. No joy. I adjust my SystemAPIUser settings as follow.
Stopped Zitadel service,
Then i execute setup
No errors were shown. Started Zitadel service.
Still have error
Im running out of ideas what it could be. All the other API calls work except for system API's |
Beta Was this translation helpful? Give feedback.
-
I was unable to get Zitadel-tools to work. Unsure about this part here , For troubleshooting, I created my machine users with the same name as my SYSTEM_USER ( i.e., system-user-1) then I downloaded the key as shown here. What I did notice in the "Generate JWT" step, my key I downloaded showed that information. So I'm confused at this point, was I suppose to do that ? The documentation did not state to download a key from Web UI. Here is my key I downloaded from user "system-user-1". I created this in the Web UI. root@zitadel-build:/usr/local/bin# cat test.json
Just to clarify, another Machine user I created works on every API call except for /SYSTEM which I understand now. The step in which I need to get/make the token is where I'm failing at. This is just a guess. |
Beta Was this translation helpful? Give feedback.
-
Ok now I see where I'm failing.
I need to get the Zitadel-tools to work. This it where it fails, I'm not sure if I need to make Action or modify my RSA keypair from the doc's. I have tried both still getting the same error as shown above. EDIT: Execute this command after creating certs.
Output:
I think its the way the certs are made openssl genrsa -out system-user-1.pem 2048 , Not 100% sure. |
Beta Was this translation helpful? Give feedback.
-
Found something, first this post From what livio-a stated I tried The results doesn't look right. I executed the the following command
Output:
So I tried again with a SYSTEM API
Different error, I cant win... 😆 How I found that post was from here. |
Beta Was this translation helpful? Give feedback.
-
Understood, but I'm not sure how to make the token from Zitadel-tools, its just not working as shown above. |
Beta Was this translation helpful? Give feedback.
-
I found my issue why Zitadel-tools failed. zitadel/zitadel-tools#97 |
Beta Was this translation helpful? Give feedback.
@fforootd
I found my issue why Zitadel-tools failed. zitadel/zitadel-tools#97