Unable to use api keys

Hi there

I im trying to implement api key security in my plain http channel.

I create the api key for example:
Name: testkey
Header: testkey
Key: test

I then assign it to one of my plain http channels.

However when I try hit the channel:
curl http://localhost:11223/stats/ -H “testkey: test”

i get
UNAUTHORIZED path_info:/stats/,cid:K0619T305D6QN2AC0FWCQB1MYSRS

Am I doing something wrong here ?

Thanks to anyone in advance that can help me out.

Thanks @rafal

Any luck with this ?

OK i’ve given up with the keys so I thought I’d use plain auth instead with my plain http incoming channel.
username : test
password: password

however when I do this :
curl -v “http://localhost:11223/testapi” -u “test:passsword”

i get :
< HTTP/1.1 401 Unauthorized
< Server: Zato
< Date: Tue, 20 Dec 2016 13:53:52 GMT
< Connection: close
< Transfer-Encoding: chunked
< X-Zato-CID: K07DZ0MGQ2QEW316BGNHN2GHT83Z
< WWW-Authenticate: zato-apikey
<

  • Closing connection 0
    UNAUTHORIZED path_info:/testapi, cid:K07DZ0MGQ2QEW316BGNHN2GHT83Z

If anyone can point me in the right direction ?

Hello @lxtechie,

can you tell me what this command returns?

$ zato --version

Also, in the example with Basic Auth please note that WWW-Authenticate returned ‘zato-apikey’ as though the channel you were invoking was still using API keys instead of Basic Auth. Are you sure it is the latter?

Regards.

Hi @dsuch

Whoops yes that fixed it. If you guys still want my zato version number its:
{code}
Zato 2.0.7.rev-b4239b81
{code}

Hello @lxtechie,

to follow up on your original question - yes, there were a few irregularities in how API keys were handled. This is now fixed in GitHub and will be published in 2.0.8.

Regards.

Hi,

May I know when will 2.0.8 be official released? I am too facing API keys issues and will like to use it,

Regards,

Hi Keith,

this should be within several weeks now - we are automating certain aspects of the build pipeline as we speak and this needs to be completed first. But that takes its own time - build automation is quite time-consuming.

As far as open tickets for 2.0.8 go - only a few simple ones are left and they will be dealt with in the next week.

If it’s convenient for you, possible to point to me which files were patched that resolved this issues?

Regards,

It was resolved in these commits:


Hi @keith,

this is a heads-up that a recent setuptools release basically broke our build - we are working on it but there will be a delay in releasing 2.0.8.

I apologize for it, final steps were to be carried out starting March 6 but it turned out that on March 3 the then newest setuptools broke some dependencies.

This is outside of our control and I can only say I’m sorry - 2.0.8 will be released as soon as we get around these issues.

Hi @dsuch,

No need to apologize and thank you for the heads-up. I have already implemented the patches you have given. It works great in our current production environment now and therefore no urgency at the moment to upgrade. Really appreciate your personalized communication. Will wait for your official release announcement.