I’ve been trying to implement the Passbolt API into a .NET application.
Currently I am running a temporary localized CE edition on my own system, but the goal is to have a small dedicated system running Passbolt. But before that I’d like to have my application working with the API.
I succeeded in authenticating, reading available resources, and decrypting the resources.
However, I am stuck with adding a resource.
I am getting a code 400 “Could not validate resource data.” response. Suspecting my JSON string was incorrect, I started to look at the way the JSON string should be built. I have little to no experience in PHP, Go, or JavaScript, so those examples were not getting me any closer, sadly. And with Python I wasn’t getting much further either. So I tried to see what the Passbolt Chrome plugin was sending using the DevTools of Chrome.
I’ve tried modifying the JSON string, with escape characters for the \r\n, moving around the array structure for the data element. Probably wasn’t going to work but I had to try.
Can anyone help point me in the right direction? I feel like I am missing something obvious but cannot see it.
Hi @MrMark It’s nice to know you are working on a .NET approach. I’m not aware of any library for that yet.
Thanks for providing details on what you were posting that resulted in an error.
Have you seen the guides for API on the help site? The help site link is at the top of this site. There are reference pages there and a link to swagger docs: Swagger UI
For posting a new resource, the guides would show the secrets to have a user_id key as well. Maybe this helps?
Hi @garrett Thank you for your response. I did see the API guides but it does not seem to help in my case. I’ve been following the Swagger docs for the rest of my application and that seems to work. Just not for adding resources.
Sadly, adding the user_id key to the secrets array did not work; it gets me the same response. I have retrieved the value for the user_id from /users/me.json, and to verify it I tested it by using /users/(user_id).json. It gave me my user details, so I’m sure I have the correct user_id.
I do see a difference in the content length value between the DevTools in Chrome, RestMan, and my application.
DevTools is the result of the Passbolt plugin which works and the content length there is 1164 bytes.
RestMan is 558 bytes.
.NET application is 772 bytes.
Not sure if this difference is the cause of my problem, but it is strange and for now I cannot seem to find why I have this difference.
I think you might be right. I copied the keys from passbolt into my application but there might be an issue with it. Perhaps with the string encoding in .NET and OpenPGP or something else. I’ll have to figure that one out.
I’ve been trying to use one of the examples in different languages. Just to see what they send as
And from the one in Go I copied the JSON string and used that in my .NET application. That reported success and the password was added. That tells me my request is good; it is just my JSON that is wrong. And as you said, it is probably an incorrect key used in encrypting.
So I’ll have to look into the OpenPGP part in my software. It seemed to encrypt/decrypt strings when I tested them. But perhaps I’ve overlooked something.
We have learned libraries often do handle keys differently. If you find that is the issue make sure to post back on the particular scenario/discrepancy, if you don’t mind. The devs would be interested in hearing about it for reference.
There does seem to be a difference between my encryption and what Passbolt expects.
If I compare the OpenPGP message I get from the Go example and the one I get from my own application, there is a significant difference in length of the message. However, they both decrypt to the same output. There is probably some setting or a different function I need to use in my OpenPGP library.
@garrett It seems I managed to get it working.
I think it was an accumulation of different things together.
1. At first I copy-pasted the private and public keys into a textbox for testing. But I suspect there might have been an issue with the default encoding of strings. Now I have downloaded them from the Passbolt server as files and load the files at runtime with the correct encoding. However, I do not use the public key file anymore, see point 2.
2. I found in the Go sample that the user’s public key is downloaded from the Passbolt server after login. I changed my application to do the same, so I make sure that the public key is always correct for the logged-in user.
3. The significant length difference in the OpenPGP message between the Go sample and my application was because I needed to use a different encrypting function. I used the function EncryptStream, and I needed to use EncryptArmoredStringAndSign.
It might be one of these 3 points, but after playing around with all 3 I managed to get it working. So I cannot be exactly sure. But my guess is that point 3 fixed it.
There are still quite a few things I need to add before the API implementation is done. But this was probably one of the toughest parts to go through. If I have the encrypting/decrypting sorted, the rest is just making sure the API calls are correct.
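An added example, not part of the original thread and not Passbolt's own code: a library-independent check that a secret's data value is a well-formed ASCII-armored OpenPGP message before it is put into the request JSON, which separates the armored-versus-unarmored and string-encoding problems discussed above from API problems. It assumes the server expects an armored message with CRLF or LF line endings; `ArmorCheck` and `Validate` are hypothetical names and the sample bytes are constructed.

```csharp
using System;
using System.Linq;
// Added example, not code from the thread. ArmorCheck and Validate are hypothetical names.
public static class ArmorCheck
{
    const string Begin = "-----BEGIN PGP MESSAGE-----", End = "-----END PGP MESSAGE-----";
    // CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1).
    static uint Crc24(byte[] data)
    {
        uint crc = 0xB704CE;
        foreach (byte b in data)
        {
            crc ^= (uint)b << 16;
            for (int i = 0; i < 8; i++)
                crc = (crc & 0x800000) != 0 ? (crc << 1) ^ 0x1864CFB : crc << 1;
        }
        return crc & 0xFFFFFF;
    }
    public static string Validate(string text) // null = well formed, otherwise the reason
    {
        if (text.Contains("\\r") || text.Contains("\\n")) return "literal \\r or \\n (escaped twice?)";
        var lines = text.Replace("\r\n", "\n").Trim().Split('\n').Select(l => l.TrimEnd()).ToList();
        if (lines.Count < 4 || lines[0] != Begin) return "no BEGIN PGP MESSAGE line (unarmored output?)";
        if (lines[lines.Count - 1] != End) return "no END PGP MESSAGE line (truncated?)";
        int blank = lines.IndexOf("");
        if (blank < 0) return "no blank line between armor headers and body";
        var body = lines.Skip(blank + 1).Take(lines.Count - blank - 2).ToList();
        string crcLine = body.LastOrDefault(l => l.StartsWith("="));
        try
        {
            byte[] packets = Convert.FromBase64String(string.Concat(body.Where(l => l != crcLine)));
            if (packets.Length == 0 || (packets[0] & 0x80) == 0) return "body is not OpenPGP packet data";
            if (crcLine == null) return null; // the checksum line is optional
            byte[] c = Convert.FromBase64String(crcLine.Substring(1));
            uint sent = c.Length == 3 ? (uint)c[0] << 16 | (uint)c[1] << 8 | c[2] : uint.MaxValue;
            return sent == Crc24(packets) ? null : "CRC-24 mismatch (altered in copy/paste or re-encoding)";
        }
        catch (FormatException) { return "body or checksum is not valid base64"; }
    }
    public static void Main()
    {
        byte[] pkt = { 0xC1, 0x03, 0x01, 0x02, 0x03 }; // constructed dummy packet bytes, not a real secret
        uint crc = Crc24(pkt);
        string sum = Convert.ToBase64String(new[] { (byte)(crc >> 16), (byte)(crc >> 8), (byte)crc });
        string armored = $"{Begin}\r\n\r\n{Convert.ToBase64String(pkt)}\r\n={sum}\r\n{End}\r\n";
        Console.WriteLine(Validate(armored) ?? "ok");
        Console.WriteLine(Validate(Convert.ToBase64String(pkt)) ?? "ok");        // armor missing
        Console.WriteLine(Validate(armored.Replace("\r\n", "\\r\\n")) ?? "ok"); // escaped twice
    }
}
```

Run the check on the string before it is serialized; a JSON serializer escapes the line breaks itself, so the armored text should go in with real line breaks.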