REST API Key Acquisition not working

MBizm · November 21, 2022, 6:02pm

Hey,
I’m using v2.19.1 to connect via ConBee II stick. During the process of acquiring an API key, the server will constantly report an 403 status, despite proper unlocking of the Gateway.
Request was crafted via postman. I also tried curl command:
curl http://192.168.1.22:80/api/ -X POST -d '{"devicetype":"TestKey"}' -v

Result

> POST /api/ HTTP/1.1
> Host: 192.168.1.22
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Length: 24
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 24 out of 24 bytes
< HTTP/1.1 403 Forbidden
< Access-Control-Allow-Origin: *
< Content-Type: application/json; charset=utf-8
< Content-Length: 78
< 
* Connection #0 to host 192.168.1.22 left intact
[{"error":{"address":"/","description":"link button not pressed","type":101}}]

Setup details:
raspbian, Conbee2, firmware 26780700, App in V2.19.1.

Thanks for help!
Michael

Mimiix · November 21, 2022, 7:10pm

Hi!

Link button not pressed meaning you didn’t activate the authenticate button.

MBizm · November 21, 2022, 7:49pm

Hey Dennis, like mentioned, button is pressed and countdown is running when sending the request. I’m attaching a screenshot

MBizm · November 21, 2022, 7:59pm

Hey,
I’m attaching a log file with the default configurations which hopefully indicates that gateway unlock button is pressed while sending the request.

Mimiix · November 22, 2022, 7:51am

Intresting, not sure whats going on here.

@de_employees can you check?

MBizm · November 28, 2022, 8:39am

I understand from Dennis response that the log indicates that there is an issue in deconz instance resulting in non-provision of API key. Is there any update?

Mimiix · November 28, 2022, 8:49am

Not sure this is an issue on deCONZ itself. I haven’t seen this before with anyone. I am not seeing any issue on the logs. That’s why i ask @de_employees to check in to see if they have a clue on how to figure out whats going on.

Smanar · November 28, 2022, 10:05am

Hello, can you make a try on localhost ? (authenticate button not needed for it)
And BTW same without the “-X” ?

The “unlock button procedure” is visible on log too

11:28:38:200 Text Data: 	{"unlock":60}
11:28:38:201 ApiMode: 0
11:28:38:202 gateway unlocked
11:28:38:203 [{"success":{"/config/unlock":60}}]

MBizm · November 28, 2022, 11:45am

Hey Smanar, happy to conduct a test. Let me know what to perform. (not sure on the remark regarding “without the ‘-X’”).

Smanar · November 28, 2022, 12:49pm

The comment about the “-X” is just a remark, I use it too, but in reality on recent cURL version this flag is useless.
Was just to test, but without conviction.

Try on the localhost is serious however. Try the request with 127.0.0.1 but make the command on local host. It will bypass the security.

You can too look on deconz log when pressing the authenticate button to see if you have an error on deconz.

Mimiix · November 28, 2022, 12:50pm

Additionally: What if you try Postman instead of curl?

MBizm · November 29, 2022, 8:31am

I can confirm, localhost access does get key granted on crafted POST request. CURL and PostMan request are behaving the same. I could not yet check whether this token is working. I will finally confirm once I have checked. Thanks for help!!

MBizm · November 29, 2022, 10:30am

I can confirm that GET request against API is working. Thanks again for help!!

Smanar · November 29, 2022, 3:38pm

No problem, but still a mystery why it’s don’t work on other machine using the authenticate button …
For the moment you are the only one with this issue, will see later, I don’t have idea on my side.