"Unauthorized" response


#1

When sending a request to update an enviromental variable via the API I’m getting an “Unauthorized” message.

The request has the necessary “Authorization: Bearer <AUTH_TOKEN>” in the header, and was working earlier today.

Is there some limit to logins with an API token, or am I experiencing some other form of throttling?


#4

It seems I am able to POST using the API key, but not PATCH or DELETE.

There must be something I am missing here…


#5

We do throttle login requests, but from what I recall it is a fairly generous throttle. Approximately how many login attempts will you have performed in the last second, minute, hour & day, so we can reckon if you’re close to that limit. Also what is your Resin username and public facing IP (I’d recommend PMing them across to me) so we can see if limits have been invoked.


#6

Ooh, okay, a bit of cross posting there. What resource are you trying to PATCH or DELETE?


#7

At the moment I’m trying to PATCH a device environment variable. I can create it, but PATCH returns “Unauthorized” even though the headers on both requests contain the same "Bearer "

The really strange thing is it was working earlier today when I discovered my .NET SDK had not included the Authorization header on PATCH requests, and I added it.


#8

When you say PATCH a device environment variable, does the url uniquely identify the environment variable? I’m a little confused by what a PATCH would mean in that context. “keep existing properties, but merge these properties in” doesn’t really make sense for an atomic entity such as an environment variable.


#9

I’m trying to update the variable, as defined here:
https://docs.resin.io/reference/api/resources/device_environment_variable/


#14

Many thanks for that link, that has really helped me understand what a PATCH would mean. Would it be okay for you to enable support access on that device and PM to me both the url of the dashboard and the curl command you are running.


#15

If I can find the “PM” button anywhere, sure :slight_smile: Otherwise, feel free to PM me


#16

PM sent.


#18

PM received, so I’m just skim reading it now and will continue the conversation here.


#19
  • In the details you provided me of the PATCH request I see no body/payload. I’d expect that to be present on a PATCH even if it is just {"value":""}.
  • I also note you’re requesting environment_variable() where the docs you linked to use device_environment_variable().
  • I’m making the assumption the rest of the domain and path are provided somewhere else in your interface and that they are https://api.resin.io/v4/

#20

Yes, the body of the package is serialized so I couldn’t send it. I also just noticed the difference in the request and I’m happy to report that was the issue :slight_smile:
The .NET SDK I’ve been using (only one I could find) was originally made for v1 of the API. I obviously need to go through it more thoroughly if it’s to be reliable with v4 of the API

Thank you very much for your time and effort!


#21

Glad to have gotten to the bottom of it! Hope to hear more, especially if this is the lead up to something IoT & cool!