When try to test proxy, it throws below error. The user has 'Organization Administrator' Role assigned.
https://{{org}}-{{env}}.apigee.net/v1/products
After replacing org as my Orgnaization name and env = test
The below error is because trying to consume following API for db of test environment:\
https://{org}}-{{env}}..apigee.net/db
{ "error": "unauthorized", "error_description": "This resource requires admin rights.", "exception": "" } |
I think maybe you are operating under some incorrect assumptions.
In any Apigee Edge system, there are multiple URL endpoints available:
When you create a custom proxy and deploy it, it listens on the proxy endpoint. When you want to deploy a proxy, or inquire as to the status of a deployment, or perform one of many many other administrative of operational tasks, you might use the Admin endpoint.
The Apigee Edge management server always evaluates authentication and user roles when you connect to the Admin API Endpoint.
Conversely, your custom API Proxy may or may not evaluate authentication. It's up to you. The behavior depends on how you implement it. You can configure it to accept a token, or an AIP key, or basic authentication (username + PassworD) . In no case will the proxy endpoint evaluate "orgadmin" credentials. Those creds are maintained by the Apigee mgmt infrastructure. Those credentials are not appropriate to use with custom API proxies. And it is impossible to validate those credentials within the scope of an API Proxy. Therefore, it is irrelevant that "the user has 'Organization Administrator' role". The API Proxy doesn't care.
If you have a custom API proxy and it listens on the /db basepath, and you are sending in a request to https://ORG-ENV.apigee.net/db , then any response message you get from that URL, including one that says "this resource requires admin rights", is emitted by YOUR API proxy. Likewise if your basepath is /v1/products .
If I had to guess I'd say you don't have your ORG and ENV set properly; you're using the wrong domain name. Just a guess.
If your org is "anbalagan-eval" then a proper domain would be anbalagan-eval-test.apigee.net and the URL would be https://anbalagan-eval-test.apigee.net/db
Does that look like what you're using?
I am following apigee edge course and trying to test the API proxy.
Step 1: Using product specs(Swagger based) in apigee Edge evaluation trial environment.
Step 2: Create an API proxy using the above product API specs and deploy to test environment.
Step 3: Test the proxy from Postman and also in browser
url: https://anb@@@@@-eval-test.apigee.net/v1/products
but getting error as 'Permission denied'. Please find the screenshots below:
FYI, Products API specs:
The API proxy deployed chosen with No Auth - Pass through option. So as per my understanding it should pass through without verifying authentication.
Am i missing anything here????
Hey @Kamalakannan Anbalagan, even I am using trail account & I have seen this error couple of times randomly.
I just ignore it & invoke the url few more times to make it work.
Possibly you are missing something.
you wrote "getting error as 'Permission denied'."
From postman? From the browser? Both? Is there a response payload?
more details please.
Have you tried running the browser developer tools and looking at the request/response fr the failed request?
If it's a CORS issue you should see it there.
Have you correlated the failure you see in postman or the browser with an Apigee Edge Trace session? (do you know HOW to run Trace within Apigee Edge?)
More diagnostics please.
@Kamalakannan Anbalagan - please add me to your org so that I can take a look at the setup. I have sent you an email
I was trying this lab in the coursera. For sure there is some unpredictable behaviour for some reason.
For some reason while testing nothing worked
On day 2 the lab for fetching products worked
When I was running the next lab by adding new operations for "products availability"
nothing worked
I started looking at trace and found that there was issue from the backend
401 - admin rights.
Moments later it worked.
Strange
With the postman tool by using env variable nothing works.
Get following error -
{ "fault": { "faultstring": "Unable to identify proxy for host: secure and url: /v1/products/697690/availability", "detail": { "errorcode": "messaging.adaptors.http.flow.ApplicationNotFound" } }
without using env variables everying works. May be I am missing something in postman tool. However coursera labs do seem to work sometimes. May be some thing about browser cache.
I wasted a day almost going over this problem.
@Dino-at-Google
Hi
Me too getting the same response as Anbalagan. Below is the response received. I could see successful response for sample different API which is created. I dont think this is because of the host name wrong. I am using the correct host name as
http://org_name-test.apigee.net/db
{ "error": "unauthorized", "error_description": "This resource requires admin rights.", "exception": "" }
Uploading the trace for reference. Please provide inputs to resolve this. Tried from Browser, Postman, SOAP-UI getting same response.
Please confirm if your firebase URL you were pointing to is returning a response. I guess this is coming from the Firebase backend
firebase-response-products.pngtrace-screenshot.png
Getting response from firebase URL.
As per the trace you attached, you are hitting https://org_name-trial-test.apigee.net, it should be your org name and env
I have updated the trace to mask my orginal details. My Bad 🙂
Please reply to existing comment instead of Answer
I guess something is wrong with your configuration. Can you add me to your org so that I can take a look at your proxy and config setup ? I will email you privately
Thank you, As per my analysis below was the issue, please correct me if missing anything. course-steps-in-buiding-your-first-api.png
Backend was configured to below as per the step provided in Lab building-your-first-api-proxy-in-apigee-edge
https://{org_name}-{env}.apigee.net/db
instead of https://{org_name}-{env}.apigee.net/db/products
So backend proxy edge-developer-training-backend was matching to below root flow and throwing 401 Unauthorized
<Flow name="root">
<Description/>
<Request>
<Step>
<Name>Raise-Fault-401</Name>
</Step>
</Request>
<Response/>
<Condition>(proxy.pathsuffix = "/" or proxy.pathsuffix MatchesPath "") and (request.verb = "GET")</Condition>
</Flow>
After updating the backend to
https://{org_name}-{env}.apigee.net/db/products
getting sucessful response.
Yes - In the above steps, there is a step to update the spec to point to your org and environment. If that was done correctly, when you import the proxy from the spec, it would pick that.
Not sure why you need to add /products as its part of the path suffix in the proxy. Please follow the instructions as mentioned and get back if you still find issues
As discussed the issue was because of using /v1/product as the basepath in the Product API proxy, Fixed this issue and its working as expected. No need to add the /product to the target endpoint if the base path is configured as /v1. Thanks
I too got the same error and was fixed by adding /db/products to the proxy target end point. The course material needs to be updated with this fix
dont think you need to update anything in the config. Please check the instructions. Vijay had a wrong config and reverting that fixed the issue.
Hello Everyone, It seems that several of us ran into this issue with the second Lab in course two. Lab: Test your Proxy
Im posting these steps here for your reference incase anyone runs into this issue.
I hope this helps anyone who got stuck.
Thanks
** Edit - dont need to edit spec, You can just rename the path for the existing API.
If you are following through the certification course on coursera, you should use this endpoint https://{{org}}-{{env}}.apigee.net/db/products instead of https://{{org}}-{{env}}.apigee.net/v1/products
The same happened to me but I checked the Firebase and make sure it looks like this:
{
"rules": {
".read": "auth == null",
".write": "auth == null"
}
}
before i have != null and it didn't work after change == null it work
if Firebase check the rules:
{ "rules": { ".read": "auth == null", ".write": "auth == null" } }
if you have !=null It doesn't work