401 in REST APIs

[waiphyodev]

Hi,

My cloudstack api url for create user is like

http://cloudstack-host/client/api?account&command=createUser&email=userthree%40mail.com&firstname=User&lastname=Three&password=password&response=json&username=userthree&signature=

It rejects me with 401
It is happening only in createUser and createAccount APIs
If someone know what is happening here, I really appreciate for your help

Thanks,

[boring-cyborg[bot]]

Thanks for opening your first issue here! Be sure to follow the issue template!

[DaanHoogland]

@waiphyodev , I suppose you left out the signature on purpose and did include it in your attempts to create a user.
there is “account” between the URL and the rest of the parameters,
my try looks like

http://host/client/api/?command=createAccount&response=json&sessionkey=… 

and is a post request with parameters.

roleid=<role-id>&username=userthree&password=password&email=userthree%40mail.com&firstname=User&lastname=Three&domainid=<domain-id>

if this seems ok,
Have a look at the rights of the executing user, Do they have rights to this API.

[waiphyodev]

Thanks for reply.
Yes, it does have required permissions to do request because I do the same process via CloudStack dashboard with the same account and it is fine.
This is happening only via API.
What if I'm calling with API key, how should I give payload in which method.

[waiphyodev]

GET (401 error)
http://host/client/api?apikey=<api-key>&command=createAccount&domainid=<domain-id>&email=userthree%40mail.com&firstname=User&lastname=Three&password=password&response=json&roleid=<role-id>&username=userthree&signature=<signature>

POST (431 error)
http://host/client/api?apikey=<api-key>&command=createAccount&response=json&signature=<signature>

with payload
{ email: 'userthree@mail.com', firstname: 'User', lastname: 'Three', username: 'userthree', password: 'password', roleid: '902f63f7-3235-11f0-8e75-2a84a8b381fa', domainid: '60afa7af-3235-11f0-8e75-2a84a8b381fa' }

[weizhouapache]

GET (401 error) http://host/client/api?apikey=<api-key>&command=createAccount&domainid=<domain-id>&email=userthree%40mail.com&firstname=User&lastname=Three&password=password&response=json&roleid=<role-id>&username=userthree&signature=<signature>

POST (431 error) http://host/client/api?apikey=<api-key>&command=createAccount&response=json&signature=<signature>

with payload { email: 'userthree@mail.com', firstname: 'User', lastname: 'Three', username: 'userthree', password: 'password', roleid: '902f63f7-3235-11f0-8e75-2a84a8b381fa', domainid: '60afa7af-3235-11f0-8e75-2a84a8b381fa' }

sessionkey is needed i think

[waiphyodev]

My bad! Thanks for all your helps.

(error) params => get signature for params => encode signature
(success) params => encode params => get signature for encoded params => encode signature

    const params = {
        ...queryParams,    // parameters like command
        apikey: <api-key>,
        response: "json",
    };

    const sortedKeys = Object.keys(params)
        .map((k) => k.toLowerCase())
        .sort();

    const encodedSortedQuery = sortedKeys.map((k) => `${k}=${encodeURIComponent(params[k])}`).join("&");

    const signature = crypto.createHmac("sha1", <secret-key>).update(encodedSortedQuery.toLowerCase()).digest("base64");
    const encodedSignature = encodeURIComponent(signature);

    const signedUrl = `<host>?${encodedSortedQuery}&signature=${encodedSignature}`;

For the purpose of if someone is having errors and want to check the scenario in js