manfriday
Enthusiast
Enthusiast

Rest Headers and 401 errors

Jump to solution

Hi!

a couple years ago I built a workflow that performed some REST calls to a veeam backup and replication server.

It worked fine until recently. Im not sure if it was changes to Orchestrator or changes to Veeams REST API, but the upshot is that I need to attach a header (x-restsvcsessionid) to each call I make to the REST API.

the first call I make to the API to get a session ID works.

I get back a header containing the base64 encoded session ID.

Now, I need to attach that header to all other calls to the REST API, and that is where things are falling apart for me.

IM pretty new to REST, so its probably something dumb I am doing.

Here is the code from the test I am doing:

        var RestResponse = BRHost.createRequest("POST", "/api/sessionMngr/?v=latest", null).execute();

var sessionHeader = RestResponse.getHeaderValues("X-RestSvcSessionId")

System.log("X-RestSvcSessionId:" + sessionHeader);

var newRequest = BRHost.createRequest("GET", "api/hierarchyRoots", null);

newRequest.setHeader("x-restsvcsessionid",sessionHeader);

var hierarchyRootsXML = newRequest.execute();

hierarchyRootsListString = hierarchyRootsXML.contentAsString;

System.log(hierarchyRootsListString);

I get back a 401 error. "Identity was not authenticated", which is the same error I get back when I do NOT attach the header.

if I attached the header manually in Chromes REST client, it works so this makes me think im just not attaching the header properly in orchestrator.

Any help is appreciated.

1 Solution

Accepted Solutions
iiliev
VMware Employee
VMware Employee

Hi,

The problem is likely in the way you retrieve the header value from the first API call and then pass it to the second API call.

This method call:

var sessionHeader = RestResponse.getHeaderValues("X-RestSvcSessionId")

returns not a single string value (the value of the header), but an array of string values. In practice, I guess it will be an array with one element, but still it is an array, which is not equivalent to a plain string.

So, when you later pass this value as a parameter to the call:

newRequest.setHeader("x-restsvcsessionid",sessionHeader);

you are actually passing not a single string value to be set to the header, but array of strings, which would cause the authentication error you are seeing.

To fix the problem, try replacing the above call with something like:

newRequest.setHeader("x-restsvcsessionid",sessionHeader[0]);

Of course, assuming that sessionHeader variable contains just one string element, so you may want to add some guard checks there to verify this.

View solution in original post

4 Replies
eoinbyrne
Expert
Expert

I think the case of the header is important

pastedImage_1.png

0 Kudos
manfriday
Enthusiast
Enthusiast

Hi!

I have tried it with the case as listed and all lower-case, but it doesn't make a difference.

I changed the setHeader line to:


newRequest.setHeader("X-RestSvcSessionId",sessionHeader);

I am still getting that same 401 error.

I used the "Add a REST host" workflow to add the host to my orchestrator inventory, which I then pass in as a parameter. to my workflow.

I am assuming the username/pass I entered for that REST host object is being passed with each call of "createRequest".

does it look like I am using setHeader correctly?

Or maybe the username/pass is not being sent along properly?

I'm at a loss. 😕

0 Kudos
iiliev
VMware Employee
VMware Employee

Hi,

The problem is likely in the way you retrieve the header value from the first API call and then pass it to the second API call.

This method call:

var sessionHeader = RestResponse.getHeaderValues("X-RestSvcSessionId")

returns not a single string value (the value of the header), but an array of string values. In practice, I guess it will be an array with one element, but still it is an array, which is not equivalent to a plain string.

So, when you later pass this value as a parameter to the call:

newRequest.setHeader("x-restsvcsessionid",sessionHeader);

you are actually passing not a single string value to be set to the header, but array of strings, which would cause the authentication error you are seeing.

To fix the problem, try replacing the above call with something like:

newRequest.setHeader("x-restsvcsessionid",sessionHeader[0]);

Of course, assuming that sessionHeader variable contains just one string element, so you may want to add some guard checks there to verify this.

View solution in original post

manfriday
Enthusiast
Enthusiast

Yep! that fixed it!

Thanks very much!

0 Kudos