Articles in this section

See more

401 Error from Prime REST API

Avatar
DevNet Support
Updated
Follow

Similar issue with Prime 2.2.3's REST API:

The 401 (Not authorized) only occurs while running the Python script, which uses Python's request module. The debug log shows the API it tried to access is: 

https://<prime-server>/webacs/api/v1/data/Devices.json, params={'.full': 'true'}, verify=False

 When tested the REST API point using Firefox's RESTClient, it worked fine:

 Request:

URL: https://<prime-server>/webacs/api/v1/data/Devices.json?.full=true

Response headers:

  1. Status Code: 200 OK
  2. Cache-Control: private
  3. Content-Range: instances 0-99/1428
  4. Content-Type: application/json
  5. Date: Tue, 23 Feb 2016 18:43:23 GMT
  6. Expires: Wed, 31 Dec 1969 19:00:00 EST
  7. Server: Apache-Coyote/1.1
  8. Transfer-Encoding: chunked
  9. X-NBI-TIME: 89

The Python script has been run as a daily cron job, collecting information from two Prime servers. The script has worked fine on both Prime servers until 2/19, when one of the two server started to respond with 401. 

Was resolved by restarting the Prime service.

 Then, there was a 503 error after 5 requests / responses, which led back to look at post 63660 again: Thought the code was not sending "Connection: keep-alive", but a little more debug log from Python's HTTP mode revealed and hence added a line in the code to explicitly send the "Connection: close" header as post 63660 suggested: That did the trick.

  • suspect that some OS patching on the box may have changed the underlying Python library to add in that "Connection: keep-alive" header.

check the url

https://<prime-server>/webacs/api/v1/data/Devices.json, params={'.full': 'true'}, verify=False

 Shouldn't the "verify=False" be part of the definition of the REST URL inside your Python script to prevent verifying the SSL certificate, and not part of the actual GET request. Also look at the definition of the URL in your Python script to get rid of those braces - Prime might be enabling an attack-protection routine. And even if the braces weren't there. Prime should see the URL that it receives should be formatted like this:

/https://<prime-server>/webacs/api/v1/data/Devices.json?.full=true

Please check to ensure your script is not using persistent connections.  If you're using non-local AAA (like TACACS), try increasing the retry count and timeout that you have configured in Prime.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.