Resin request error: Unauthorized and data loss

raspberrypi3

#1

Hello. For some reason I am getting Resin.request.error: Unauthorized when I try to update the device tags. Firstly, I spotted it on node.js sdk and after that I am experiencing it on the python one. So the major problem after this is that I tried to update the tags with your API directly and I end up having ruined all tags for 100 devices. The API I used: https://api.resin.io/v4/device_tag?$filter=tag_key eq ‘’ When testing locally, I change the tag succesfully but when I started it in a python script which began updating them I ended up making all tags with one value… This is the request I am making:

data = json.dumps({“device”: str(device_id), “value”: str(tag_value)})
response = requests.patch(
update_existing_tag_url.format(tag_key),
headers={“content-type”:“application/json”,“Authorization”:“Bearer {}”.format(auth_token)},
data = data
)

Can we somehow revert to yesterday backup? (if there is such)


#7

Taking a look at this now. I don’t believe we have a way to restore tag values that have been overridden by the API, but I am checking with the team. We can take a look at the script to see where the issue might have occurred, can you share what update_existing_tag_url does?


#8

update_existing_tag_url = “https://api.resin.io/v4/device_tag?$filter=tag_key eq ‘{}’” This is a variable for the API url I used.


#19

The issue with the script may be that the spaces in the request are not URI encoded (%20), so everything after tag_key is lost.

We’re still investigating our options for recovery, but for future use we strongly recommend testing any scripted API calls on non-production devices, as these types of errors can inadvertently cause major configuration changes.


#22

Agree. I used it on a non-production before that with the same url. Isn’t it parsing the space to %20 by default?


#24

Yes, after looking at it a bit more that’s probably not the issue. If you run a similar script using a GET request rather than a PATCH, are you able to correctly narrow down to specific devices?


#25

Yes. I am getting tags information on this url: https://api.resin.io/v4/device_tag


#28

BTW do you know why am I getting Unauthorized when I update tags through the sdks?


#31

Do you know if you’re using a session token or an API key for authentication? It might be helpful to see an example of how you’re using the SDK, so we can better troubleshoot.


#32

I am using a session token for the API and credentials for the SDKs. I tried with the API key as well. Logged in but couldn’t update.


#36

resin = Resin()
credentials = {‘username’:"", ‘password’:""}
resin.auth.login(**credentials)

On python. I think I shouldn’t be seeing this when authenticated with username and password. I know that the session token is valid 7 days.