REST API Key Acquisition not working

I’m using v2.19.1 to connect via ConBee II stick. During the process of acquiring an API key, the server will constantly report an 403 status, despite proper unlocking of the Gateway.
Request was crafted via postman. I also tried curl command:
curl -X POST -d '{"devicetype":"TestKey"}' -v


> POST /api/ HTTP/1.1
> Host:
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Length: 24
> Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 24 out of 24 bytes
< HTTP/1.1 403 Forbidden
< Access-Control-Allow-Origin: *
< Content-Type: application/json; charset=utf-8
< Content-Length: 78
* Connection #0 to host left intact
[{"error":{"address":"/","description":"link button not pressed","type":101}}]

Setup details:
raspbian, Conbee2, firmware 26780700, App in V2.19.1.

Thanks for help!


Link button not pressed meaning you didn’t activate the authenticate button.

Hey Dennis, like mentioned, button is pressed and countdown is running when sending the request. I’m attaching a screenshot

I’m attaching a log file with the default configurations which hopefully indicates that gateway unlock button is pressed while sending the request.

Intresting, not sure whats going on here.

@de_employees can you check?

I understand from Dennis response that the log indicates that there is an issue in deconz instance resulting in non-provision of API key. Is there any update?

Not sure this is an issue on deCONZ itself. I haven’t seen this before with anyone. I am not seeing any issue on the logs. That’s why i ask @de_employees to check in to see if they have a clue on how to figure out whats going on.

1 Like

Hello, can you make a try on localhost ? (authenticate button not needed for it)
And BTW same without the “-X” ?

The “unlock button procedure” is visible on log too

11:28:38:200 Text Data: 	{"unlock":60}
11:28:38:201 ApiMode: 0
11:28:38:202 gateway unlocked
11:28:38:203 [{"success":{"/config/unlock":60}}]

Hey Smanar, happy to conduct a test. Let me know what to perform. (not sure on the remark regarding “without the ‘-X’”).

The comment about the “-X” is just a remark, I use it too, but in reality on recent cURL version this flag is useless.
Was just to test, but without conviction.

Try on the localhost is serious however. Try the request with but make the command on local host. It will bypass the security.

You can too look on deconz log when pressing the authenticate button to see if you have an error on deconz.

1 Like

Additionally: What if you try Postman instead of curl?

I can confirm, localhost access does get key granted on crafted POST request. CURL and PostMan request are behaving the same. I could not yet check whether this token is working. I will finally confirm once I have checked. Thanks for help!!

I can confirm that GET request against API is working. Thanks again for help!!

1 Like

No problem, but still a mystery why it’s don’t work on other machine using the authenticate button …
For the moment you are the only one with this issue, will see later, I don’t have idea on my side.