Issue when creating a resource using the API

romcis · May 23, 2019, 11:55am

Checklist
[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[ x] I provide relevant information about my server (component names and versions, etc.)
[ x] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[ x] I describe the steps on how to reproduce the issue

Hi, I’m communicating with passbolt API and I’m able to get resources,check secret and delete it if needed. Sadly I’m stuck with creating new resource. As I understand I should sent in POST request Json request. I’m doing this in php like below but as respond I got 400 and in logs I see.

Could not validate resource data. Request URL: /resources.json?api-version=v2

$data = json_encode(array( "name"=>$name, "username"=>$username,"uri"=>$uri, "secrets"=>array("user_id"=>$user_id,"data"=>$encrypted_secret)));

Sadly there is not much info in logs to finish it.

remy · May 23, 2019, 12:00pm

@romcis you do not have more information in the response? It should normally tell you which validation rule is failing. Also you can try sending the data as regular form data instead of json encoded data.

romcis · May 23, 2019, 12:11pm

@remy
Yes I got response…but no idea what it mean.
{"header":{"id":"28664f85-4ca2-498f-85f3-dd036b5299ae","status":"error","servertime":1558613242,"title":"app_resources_add_error","action":"ad8bbc35-6435-538e-b1a7-80b87bcedb6a","message":"Not Found","url":"\/resources.json?api-version=v2","code":400},"body":{"secrets":{"hasAtMost":"Only the secret of the owner must be provided."}}}"

remy · May 23, 2019, 12:14pm

I think the issue is that you are logged in with one user and trying to create a secret for another one, e.g. the user_id do not match the current user. We should support this in the future but that’s currently not possible, you would need first to create for your current user, then use the share endpoint to drop permission for your current user and add permissions and secrets for the other user.

romcis · May 23, 2019, 12:25pm

I’m getting my user_it from /users.json. I go though all users and find myself based on fingerprint of my gpg key. Then I take user_id from profile->user_id. I just checked and looks OK. I’m planning to create resource and then share it with proper groups.

remy · May 23, 2019, 12:26pm

you can also get the current user id using: /users/me.json

remy · May 23, 2019, 12:27pm

@romcis try sending the request without the user_id set, does it work?

romcis · May 23, 2019, 12:40pm

Thanks for shortcut with /users/me.json.
But this din’t fix my trouble, even request without the user_id set has the same response.

romcis · May 23, 2019, 1:21pm

@remy in this case I have another question. How do you recognize that password is not mine if you have just encrypted secret by public key? Or maybe special format which you need?

remy · May 23, 2019, 2:29pm

@romcis I think the issue might be with the structure you are sending. Can you try with:

"secrets"=> array(array("user_id"=>$user_id,"data"=>$encrypted_secret))))

E.g. it should be secrets[0]['data'] not secrets['data']

romcis · May 23, 2019, 2:49pm

Thanks, this was my problem

system · May 28, 2019, 2:49pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.