Issue when creating a resource using the API

[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[ x] I provide relevant information about my server (component names and versions, etc.)
[ x] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[ x] I describe the steps on how to reproduce the issue

Hi, I’m communicating with passbolt API and I’m able to get resources,check secret and delete it if needed. Sadly I’m stuck with creating new resource. As I understand I should sent in POST request Json request. I’m doing this in php like below but as respond I got 400 and in logs I see.

Could not validate resource data. Request URL: /resources.json?api-version=v2

$data = json_encode(array( "name"=>$name, "username"=>$username,"uri"=>$uri, "secrets"=>array("user_id"=>$user_id,"data"=>$encrypted_secret)));

Sadly there is not much info in logs to finish it.

@romcis you do not have more information in the response? It should normally tell you which validation rule is failing. Also you can try sending the data as regular form data instead of json encoded data.

Yes I got response…but no idea what it mean.
{"header":{"id":"28664f85-4ca2-498f-85f3-dd036b5299ae","status":"error","servertime":1558613242,"title":"app_resources_add_error","action":"ad8bbc35-6435-538e-b1a7-80b87bcedb6a","message":"Not Found","url":"\/resources.json?api-version=v2","code":400},"body":{"secrets":{"hasAtMost":"Only the secret of the owner must be provided."}}}"

I think the issue is that you are logged in with one user and trying to create a secret for another one, e.g. the user_id do not match the current user. We should support this in the future but that’s currently not possible, you would need first to create for your current user, then use the share endpoint to drop permission for your current user and add permissions and secrets for the other user.

I’m getting my user_it from /users.json. I go though all users and find myself based on fingerprint of my gpg key. Then I take user_id from profile->user_id. I just checked and looks OK. I’m planning to create resource and then share it with proper groups.

you can also get the current user id using: /users/me.json

@romcis try sending the request without the user_id set, does it work?

Thanks for shortcut with /users/me.json.
But this din’t fix my trouble, even request without the user_id set has the same response.

@remy in this case I have another question. How do you recognize that password is not mine if you have just encrypted secret by public key? Or maybe special format which you need? :thinking:

@romcis I think the issue might be with the structure you are sending. Can you try with:

"secrets"=> array(array("user_id"=>$user_id,"data"=>$encrypted_secret))))

E.g. it should be secrets[0]['data'] not secrets['data']

1 Like

Thanks, this was my problem :slight_smile:

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.