Exoline - Always Returns Authorization Failed


#1

I was able to install exoline on a Windows server successfully.
It seems it worked a few times, but is now returning authorization failed every time I run it:

One Platform exception: {u'message': u'Authorization failed', u'code': 401}

I am trying to figure out where to setup my vendor token - sometimes it works on the command line but not all the time.

I also cannot find documentation for the .exolinerc file format - otherwise where do I put my credentials?

Help, very frustrated :frowning:

Thanks,
-james


#2

I solved this myself - sort of - CIKs serve as authorization tokens.

However, what do I do if I want to get a list of CIKs from my portal?

Is there a way to get that via exo?


#3

Hi James,

I am trying to figure out where to setup my vendor token - sometimes it works on the command line but not all the time.

Heads up, your vendor token will be useful for interacting with Exosite’s Provisioning API, but it will not be treated as valid authentication by the RPC API.

If you want to change the state of serial numbers, or modify the client models your account owns, then the vendor token is the authentication to use.

I also cannot find documentation for the .exolinerc file format - otherwise where do I put my credentials?

I am not sure if the file format for the Windows .exolinerc need be different than the OSX or Linux .exoline config files. I’ll need to take some time to figure out what needs to be done here.

However, what do I do if I want to get a list of CIKs from my portal?

Without already having procured a parent CIK, the easiest way to do this is to use the Portals API. This way you can use your Portals admin credentials to get information about One Platform clients.

For example, you can get the CIK of a portal and a list of its aliased children using the Get-portal endpoint. This way you will be able to exchange your Portals credentials for a CIK that can be used to authenticate RPC API requests.

Finding a portal’s ID in Portals can be tricky at first. You can always find the ID of a portal using the Portals API, your domain’s /admin/portallist page (if you have admin access), or by loading the portal in your browser.

For clarity, there are two different services that your Exosite-based business application is running on. Your devices typically talk to Exosite’s One Platform, while what you interact with in your browser is a web application called Portals. This is called the Portals/One Platform stack. Each has its own APIs and different goals it means to accomplish. It is possible to use a single API to get things done in Exosite, but you may find tasks easier by being familiar with both.

One important feature is that you do not need to possess the CIK of each and every ‘thing’ in your One Platform hierarchy. If you possess a parent CIK, you have permission to read, write, and edit each resource that the client owns, and each resource that each child owns – ad infinitum.

For details on how to use the RPC API to do this you will want to look at the following sections of documentation:

A short guide on which API to use:

Want to interact with a device and its data? Reading/Writing/Editing – Use the RPC API.

Doing an operation often or desire the best performance? Use the RPC API.

Want to interact with a user, portal, or dashboard? Use the Portals API.

Additional helpful links on Portals and the One Platform.

Start of the One Platform Reference

Articles on the Portals and One Platform stack

Hopefully this helps,
-Martin


#4

This looks extremely useful - thanks for the important clarifications regarding which credentials authenticate which features - especially the ones that control access to assets - not just information.

I am shifting back and forth between application code communicating over the HTTP API, and the exoline utility.

Perhaps I can comment more on what I’ve used from this a bit further in the future.

THANK YOU.


#5

Martin,
Which API does the exoline CLI use?
Thanks,
-james


#6

The majority of commands use the RPC API.

Some of the Alpha and Beta commands in the 0.9.18 and 0.10.0 releases use a subset of the Provisioning API, e.g. model, sn, or content.


#7

Got it. Thank you.

FYI: After I used the Windows install process to install Exoline CLI to 0.9.18, I used pip to upgrade the app to 0.10.0.

pip just does the right thing, once the correctly installed version 0.9.18 was installed and running.


#8

@Martin I somehow lost my mojo with exo.

Would you please remind me what I put for <auth> when using exo?

For example:

$ exo info
Usage:
    exo [options] info <auth> [<rid>]

What should be entered for <auth> above? [I know what to put for `<rid>`]


#9

I’m sorry, I re-read the post yet another time, and I realize that you provided a link that explains to use CIK for <auth> here: http://docs.exosite.com/portals/rpc/#authentication (repeated for convenience).

I realize the issue I was having was how to get the CIK for my user, so that I have a good CIK parent to use for other commands (e.g. $ exo move )

When I use curl with my admin credentials, I can get an <rid> - what curl command can I use to get the CIK?


#10

It is a chicken and egg problem I think. I don’t think there is a way for you to get the CIK of a user client through the Portals API.

There is a customer auth token that Exosite can share with the owner of a subdomain in Portals. This proverbial ‘key to the castle’ is necessary to complete some interactions, including the move that you are trying to do. Support will release this token to the Subdomain owner, and after that, the subdomain owner can do what they would like with this token.

This token should be used with the utmost care.

If this is an operation that you need to complete, you should ask the subdomain owner to email support@exosite.com. You should be able to tell who the subdomain owner is on your /admin/home page.

I don’t remember which domain you are working in, but if it is an old enough domain, the domain owner could be an @exosite.com email address. If that is the case send me a private message through the forum or open up a ticket with Exosite support with your subdomain’s name.

Happy to help,
-Martin


#11

I believe I would be the subdomain owner, as on my admin page, I have access to a vendor api token.
I believe we might have talked about this before, and how this token is a sensitive item as it can be used to access/change data.
If this is the thing to use in the exo move command, then I should be good to go.

One question, if I move one RID to be the child of another, are there any situations where I would shoot myself in the foot, for example if I moved it to the wrong place, could I be unable to move it back, etc.? Assuming I would only use move, and not delete update or whatever.

Thanks,
-james


#12

Every admin of a Portals subdomain should have access to the Vendor API Token. This token can be used to authenticate http://docs.exosite.com/portals/provision/ calls, but you are not trying to work with client models or device serial numbers.

It is not the token you are looking for.

One question, if I move one RID to be the child of another, are there any situations where I would shoot myself in the foot, for example if I moved it to the wrong place, could I be unable to move it back, etc.? Assuming I would only use move, and not delete update or whatever.

Because the CIK used to authenticate the call implies the scope of the client hierarchy, it should not be possible for you to move any client to a place you can’t move it back from with the same CIK. Other than losing where you put the new client, I don’t think there are any other sharp edges.
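
Added example, not part of the thread and not Exosite's implementation: a toy Python model of the ownership rule described in posts #3 and #12, usable as a pre-flight check before a move. The resource names, the tree, and the rule that both the moved resource and its destination must sit under the authenticating client are assumptions drawn from those posts.

```python
# Toy model of a One Platform client hierarchy (constructed names, not real RIDs).
# PARENT_OF maps each resource to its owner; the root has no owner.
PARENT_OF = {
    "user_client": None,
    "portal_a": "user_client",
    "portal_b": "user_client",
    "device_1": "portal_a",
    "device_2": "portal_b",
}

def ancestors(tree, rid):
    """Yield rid's owners, from its direct parent up to the root."""
    node = tree[rid]
    while node is not None:
        yield node
        node = tree[node]

def in_scope(tree, auth_client, rid):
    """True if rid is the authenticating client itself or one of its descendants."""
    return rid == auth_client or auth_client in ancestors(tree, rid)

def check_move(tree, auth_client, rid, new_parent):
    """Return (ok, reason) for moving rid under new_parent with auth_client's CIK."""
    if rid == auth_client or not in_scope(tree, auth_client, rid):
        return False, "resource is not a descendant of the authenticating client"
    if not in_scope(tree, auth_client, new_parent):
        return False, "destination is outside the authenticating client's hierarchy"
    if in_scope(tree, rid, new_parent):
        return False, "destination is the resource itself or one of its descendants"
    return True, "ok"

def move(tree, auth_client, rid, new_parent):
    """Apply the move to a copy of the tree; raise if the scope check fails."""
    ok, reason = check_move(tree, auth_client, rid, new_parent)
    if not ok:
        raise PermissionError(reason)
    moved = dict(tree)
    moved[rid] = new_parent
    return moved
```

Because a permitted move keeps the resource inside the authenticating client's subtree, the same CIK passes the check for the reverse move; a CIK scoped to a single portal fails the check for any destination in another portal.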


#13

The email from domain owner is not achievable for me at this time.

Can this move be done via the api from Python? I have Python code I can use/modify.

Also, one other way I can do this is to simply rename the portal I have - is that doable via api?

Thanks,
-james


#14

Hmm, the API that your python code would hit is the same API that Exoline would hit. You won’t be able to move it that way.

You can update the name of a portal through the Portals API. http://docs.exosite.com/portals/portalsapi/#update-portal

Here is an example:

curl 'https://<subdomain>.exosite.com/api/portals/v1/portals/<portal_id>' \
     -X PUT \
     -d '{"info":{"description": {"name": "<new_name>"}}}' \
     -u 'useremail@gmail.com' \
     -i

There are a couple of ways to get a portal’s ID. From the URL in your browser when you have the portal loaded, or from your /admin/portallist page.


#15

The RPC API ‘update’ procedure would also work as well, but you would need a user CIK – the very thing you are having trouble getting a hold of.

This Portals API endpoint should do the trick using your admin user credentials.