Checklist
[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[ x] I provide relevant information about my server (component names and versions, etc.)
[ x] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[ x] I describe the steps on how to reproduce the issue
Hi, I’m communicating with passbolt API and I’m able to get resources,check secret and delete it if needed. Sadly I’m stuck with creating new resource. As I understand I should sent in POST request Json request. I’m doing this in php like below but as respond I got 400 and in logs I see.
Could not validate resource data. Request URL: /resources.json?api-version=v2
@romcis you do not have more information in the response? It should normally tell you which validation rule is failing. Also you can try sending the data as regular form data instead of json encoded data.
@remy
Yes I got response…but no idea what it mean. {"header":{"id":"28664f85-4ca2-498f-85f3-dd036b5299ae","status":"error","servertime":1558613242,"title":"app_resources_add_error","action":"ad8bbc35-6435-538e-b1a7-80b87bcedb6a","message":"Not Found","url":"\/resources.json?api-version=v2","code":400},"body":{"secrets":{"hasAtMost":"Only the secret of the owner must be provided."}}}"
I think the issue is that you are logged in with one user and trying to create a secret for another one, e.g. the user_id do not match the current user. We should support this in the future but that’s currently not possible, you would need first to create for your current user, then use the share endpoint to drop permission for your current user and add permissions and secrets for the other user.
I’m getting my user_it from /users.json. I go though all users and find myself based on fingerprint of my gpg key. Then I take user_id from profile->user_id. I just checked and looks OK. I’m planning to create resource and then share it with proper groups.
@remy in this case I have another question. How do you recognize that password is not mine if you have just encrypted secret by public key? Or maybe special format which you need?