Solved: Rest Headers and 401 errors

manfriday · ‎06-17-2020

Hi!

a couple years ago I built a workflow that performed some REST calls to a veeam backup and replication server.

It worked fine until recently. Im not sure if it was changes to Orchestrator or changes to Veeams REST API, but the upshot is that I need to attach a header (x-restsvcsessionid) to each call I make to the REST API.

the first call I make to the API to get a session ID works.

I get back a header containing the base64 encoded session ID.

Now, I need to attach that header to all other calls to the REST API, and that is where things are falling apart for me.

IM pretty new to REST, so its probably something dumb I am doing.

Here is the code from the test I am doing:

var RestResponse = BRHost.createRequest("POST", "/api/sessionMngr/?v=latest", null).execute();

var sessionHeader = RestResponse.getHeaderValues("X-RestSvcSessionId")

System.log("X-RestSvcSessionId:" + sessionHeader);

var newRequest = BRHost.createRequest("GET", "api/hierarchyRoots", null);

newRequest.setHeader("x-restsvcsessionid",sessionHeader);

var hierarchyRootsXML = newRequest.execute();

hierarchyRootsListString = hierarchyRootsXML.contentAsString;

System.log(hierarchyRootsListString);

I get back a 401 error. "Identity was not authenticated", which is the same error I get back when I do NOT attach the header.

if I attached the header manually in Chromes REST client, it works so this makes me think im just not attaching the header properly in orchestrator.

Any help is appreciated.

iiliev · ‎06-17-2020

Hi,

The problem is likely in the way you retrieve the header value from the first API call and then pass it to the second API call.

This method call:

var sessionHeader = RestResponse.getHeaderValues("X-RestSvcSessionId")

returns not a single string value (the value of the header), but an array of string values. In practice, I guess it will be an array with one element, but still it is an array, which is not equivalent to a plain string.

So, when you later pass this value as a parameter to the call:

newRequest.setHeader("x-restsvcsessionid",sessionHeader);

you are actually passing not a single string value to be set to the header, but array of strings, which would cause the authentication error you are seeing.

To fix the problem, try replacing the above call with something like:

newRequest.setHeader("x-restsvcsessionid",sessionHeader[0]);

Of course, assuming that sessionHeader variable contains just one string element, so you may want to add some guard checks there to verify this.

View solution in original post

eoinbyrne · ‎06-17-2020

I think the case of the header is important

manfriday · ‎06-17-2020

Hi!

I have tried it with the case as listed and all lower-case, but it doesn't make a difference.

I changed the setHeader line to:

newRequest.setHeader("X-RestSvcSessionId",sessionHeader);

I am still getting that same 401 error.

I used the "Add a REST host" workflow to add the host to my orchestrator inventory, which I then pass in as a parameter. to my workflow.

I am assuming the username/pass I entered for that REST host object is being passed with each call of "createRequest".

does it look like I am using setHeader correctly?

Or maybe the username/pass is not being sent along properly?

I'm at a loss. 😕

iiliev · ‎06-17-2020

Hi,