Authorization for REST call to C3 platform


#1

I am trying to make a REST call to the C3 platform from a device (Raspberry Pi). I am using the c3auth token taken from my browser's cookies and have added it to the headers. It throws a urllib2.HTTPError: HTTP Error 500: Server Error error.
headers = {"Accept":"application/json", "Content-Type":"application/json", "Authorization":authKey}
authKey = 30xXXXXXX.....
I also tried by adding my Okta credentials but the error remained the same.
Should I add anything more for authorization?


#2

The Authorization header is the Base64 of this string: username:password


#3

You can set the headers to

{
  "Authorization": "Basic Base64String",
  "Content-Type": "application/json",
  "Accept": "application/json"
}

Replace Base64String with the Base64 of username:password

You can get the Base64 string in the static console with Base64.encodeString('username:password')


#4

HTTP 500 error is a server error that has nothing to do with authentication (HTTP 401). So in this case you did authenticate correctly, but some error happened in the server.


#5

HTTP 500 errors may hide security-related problems, e.g.:

c3SwitchAll('tenant', 'tag')
POST https://environment.c3iot.com/api/1/tenant/tag/Console?action=init 500 (ServerError)
Uncaught C3.typesys.Error {name: "C3Error", message: "You do not have access to console functionality in tentant/tag. [NotAuthorized]", ....}

#6

In Python, I tend to use the requests library and its async version grequests:

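import logging

import grequests  # imported first: grequests applies gevent monkey-patching on import
import requests
from requests.auth import HTTPBasicAuth

logger = logging.getLogger(__name__)

c3server = ...
c3user = ...
c3password = ...


# Wrapper name and signature are assumed; the post showed only the body.
def c3_post(config, type, action, doasync=False, **kwargs):
    tenant = config.get("tenant")
    tag = config.get("tag")
    # grequests.post only builds an unsent AsyncRequest (send it with grequests.map);
    # requests.post sends immediately and returns a Response.
    func = grequests.post if doasync else requests.post
    response = func(url='{0}/api/1/{1}/{2}/{3}?action={4}'.format(c3server, tenant, tag, type, action),
                    json=kwargs,
                    auth=HTTPBasicAuth(c3user, c3password),  # sets "Authorization: Basic <base64>"
                    headers={"Accept": "application/json",
                             "Content-type": "application/json",
                             },
                    )
    if not hasattr(response, "status_code") or response.status_code != 200:
        reason = getattr(response, "reason", None)
        logger.error(reason)
        raise Exception("Invalid request", reason)
    else:
        return response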

and it works
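
Added example, not part of the thread and not C3's own code: it builds the Basic header described in posts #2 and #3, redacts it for logging, and treats a 500 whose message carries the `[NotAuthorized]` marker from post #5 as an authorization failure. The function names, the JSON error-body shape and the sample credentials are assumptions constructed for illustration.

```python
import base64
import json

AUTH_MARKER = "[NotAuthorized]"  # suffix of the console error quoted in post #5


def basic_auth_header(username, password):
    """Value of an HTTP Basic Authorization header (RFC 7617)."""
    if ":" in username:
        # The first colon splits user from password, so a colon in the
        # username would change which credentials the server sees.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def redact(headers):
    """Copy of headers safe to log: Base64 is an encoding, not encryption."""
    secret = ("authorization", "cookie")
    return {k: "<redacted>" if k.lower() in secret else v
            for k, v in headers.items()}


def classify(status, body):
    """Return 'ok', 'auth' or 'server' for a response status and body."""
    if status == 200:
        return "ok"
    if status in (401, 403):
        return "auth"
    # Assumption: the error body is JSON with a "message" field; otherwise
    # fall back to scanning the raw text.
    try:
        message = str(json.loads(body).get("message", ""))
    except (ValueError, AttributeError):
        message = body
    if status == 500 and AUTH_MARKER in message:
        return "auth"  # authorization failure reported as a server error
    return "server"


# Constructed sample data, not captured from a real environment.
SAMPLE_HEADERS = {"Authorization": basic_auth_header("Aladdin", "open sesame"),
                  "Accept": "application/json"}
SAMPLE_500 = json.dumps({"name": "C3Error", "message":
                         "You do not have access to console functionality "
                         "in tenant/tag. [NotAuthorized]"})

if __name__ == "__main__":
    print(redact(SAMPLE_HEADERS), classify(500, SAMPLE_500))
```

Because the header value is reversible, send it only over HTTPS and log the redacted copy rather than the raw headers.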